CVE-2019-7839
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
12/06/2019
Last modified:
04/09/2020
Description
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update1:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update10:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update11:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update12:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update13:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update14:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update15:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update16:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update17:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update18:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update2:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update3:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update4:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:11.0:update5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page