CVE-2019-7839
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
12/06/2019
Last modified:
17/06/2026
Description
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update1:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update10:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update11:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update12:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update13:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update14:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update15:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update16:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update17:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update18:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update2:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update3:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update4:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/153439/Coldfusion-JNBridge-Remote-Code-Execution.html
- https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html
- https://seclists.org/bugtraq/2019/Jun/38
- http://packetstormsecurity.com/files/153439/Coldfusion-JNBridge-Remote-Code-Execution.html
- https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html
- https://seclists.org/bugtraq/2019/Jun/38



