← Zuruck zu CVEs

CVE-2013-0632

CRITICALCISA KEV

9.8

Beschreibung

administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht1/17/2013

Zuletzt geandert4/21/2026

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerAdobe

ProduktColdFusion

SchwachstellennameAdobe ColdFusion Authentication Bypass Vulnerability

KEV Aufnahmedatum2022-03-03

Behebungsfrist2022-03-24

Ransomware-NutzungUnknown

Betroffene Produkte

adobe:coldfusion

Schwachen (CWE)

CWE-276CWE-276

Referenzen

http://www.adobe.com/support/security/advisories/apsa13-01.html(psirt@adobe.com)

http://www.adobe.com/support/security/bulletins/apsb13-03.html(psirt@adobe.com)

http://www.exploit-db.com/exploits/30210(psirt@adobe.com)

http://www.adobe.com/support/security/advisories/apsa13-01.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.adobe.com/support/security/bulletins/apsb13-03.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.exploit-db.com/exploits/30210(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0632(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.