← Voltar para CVEs
CVE-2013-0625
CRITICALCISA KEV9.8
Descricao
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado1/9/2013
Ultima modificacao4/21/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorAdobe
ProdutoColdFusion
Nome da vulnerabilidadeAdobe ColdFusion Authentication Bypass Vulnerability
Data inclusao KEV2022-03-07
Prazo de remediacao2022-09-07
Uso em ransomwareUnknown
Produtos afetados
adobe:coldfusionapple:mac_os_xmicrosoft:windowsopengroup:unix
Fraquezas (CWE)
CWE-287CWE-287
Referencias
http://www.adobe.com/support/security/advisories/apsa13-01.html(psirt@adobe.com)
http://www.adobe.com/support/security/bulletins/apsb13-03.html(psirt@adobe.com)
http://www.securityfocus.com/bid/57164(psirt@adobe.com)
http://www.adobe.com/support/security/advisories/apsa13-01.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.adobe.com/support/security/bulletins/apsb13-03.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/57164(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0625(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.