What is the severity of CVE-2017-11283?

CVE-2017-11283 is rated as critical due to its potential to allow an attacker to exploit the vulnerability and execute arbitrary code.

How do I fix CVE-2017-11283?

To fix CVE-2017-11283, upgrade to Adobe ColdFusion 2016 Update 5 or later, or ColdFusion 11 Update 13 or later.

What versions of Adobe ColdFusion are affected by CVE-2017-11283?

CVE-2017-11283 affects Adobe ColdFusion 2016 Update 4 and earlier, and ColdFusion 11 Update 12 and earlier.

What type of vulnerability is CVE-2017-11283?

CVE-2017-11283 is categorized as an Untrusted Data Deserialization vulnerability.

Can CVE-2017-11283 lead to data breaches?

Yes, CVE-2017-11283 can potentially lead to data breaches as it allows an attacker to execute arbitrary code.

Vulnerability/
CVE-2017-11283

critical

9.8

CWE

502

1/12/2017

4/9/2020

CVE-2017-11283

First published: Fri Dec 01 2017(Updated: )

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe ColdFusion	=11.0
Adobe ColdFusion	=11.0-update1
Adobe ColdFusion	=11.0-update10
Adobe ColdFusion	=11.0-update11
Adobe ColdFusion	=11.0-update12
Adobe ColdFusion	=11.0-update2
Adobe ColdFusion	=11.0-update3
Adobe ColdFusion	=11.0-update4
Adobe ColdFusion	=11.0-update5
Adobe ColdFusion	=11.0-update6
Adobe ColdFusion	=11.0-update7
Adobe ColdFusion	=11.0-update8
Adobe ColdFusion	=11.0-update9
Adobe ColdFusion	=2016
Adobe ColdFusion	=2016-update1
Adobe ColdFusion	=2016-update2
Adobe ColdFusion	=2016-update3
Adobe ColdFusion	=2016-update4

Remedy

https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-11283?
CVE-2017-11283 is rated as critical due to its potential to allow an attacker to exploit the vulnerability and execute arbitrary code.
How do I fix CVE-2017-11283?
To fix CVE-2017-11283, upgrade to Adobe ColdFusion 2016 Update 5 or later, or ColdFusion 11 Update 13 or later.
What versions of Adobe ColdFusion are affected by CVE-2017-11283?
CVE-2017-11283 affects Adobe ColdFusion 2016 Update 4 and earlier, and ColdFusion 11 Update 12 and earlier.
What type of vulnerability is CVE-2017-11283?
CVE-2017-11283 is categorized as an Untrusted Data Deserialization vulnerability.
Can CVE-2017-11283 lead to data breaches?
Yes, CVE-2017-11283 can potentially lead to data breaches as it allows an attacker to execute arbitrary code.

collector/nvd-index
agent/severity
agent/references
agent/weakness
agent/author
agent/tags
agent/type
agent/event
agent/description
agent/softwarecombine
agent/first-publish-date
agent/remedy
agent/last-modified-date
vendor/adobe
canonical/adobe coldfusion
version/adobe coldfusion/11.0
version/adobe coldfusion/11.0-update1
version/adobe coldfusion/11.0-update10
version/adobe coldfusion/11.0-update11
version/adobe coldfusion/11.0-update12
version/adobe coldfusion/11.0-update2
version/adobe coldfusion/11.0-update3
version/adobe coldfusion/11.0-update4
version/adobe coldfusion/11.0-update5
version/adobe coldfusion/11.0-update6
version/adobe coldfusion/11.0-update7
version/adobe coldfusion/11.0-update8
version/adobe coldfusion/11.0-update9
version/adobe coldfusion/2016
version/adobe coldfusion/2016-update1
version/adobe coldfusion/2016-update2
version/adobe coldfusion/2016-update3
version/adobe coldfusion/2016-update4

Frequently Asked Questions

What is the severity of CVE-2017-11283?
CVE-2017-11283 is rated as critical due to its potential to allow an attacker to exploit the vulnerability and execute arbitrary code.
How do I fix CVE-2017-11283?
To fix CVE-2017-11283, upgrade to Adobe ColdFusion 2016 Update 5 or later, or ColdFusion 11 Update 13 or later.
What versions of Adobe ColdFusion are affected by CVE-2017-11283?
CVE-2017-11283 affects Adobe ColdFusion 2016 Update 4 and earlier, and ColdFusion 11 Update 12 and earlier.
What type of vulnerability is CVE-2017-11283?
CVE-2017-11283 is categorized as an Untrusted Data Deserialization vulnerability.
Can CVE-2017-11283 lead to data breaches?
Yes, CVE-2017-11283 can potentially lead to data breaches as it allows an attacker to execute arbitrary code.

CVE-2017-11283

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-11283?

How do I fix CVE-2017-11283?

What versions of Adobe ColdFusion are affected by CVE-2017-11283?

What type of vulnerability is CVE-2017-11283?

Can CVE-2017-11283 lead to data breaches?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2017-11283?

How do I fix CVE-2017-11283?

What versions of Adobe ColdFusion are affected by CVE-2017-11283?

What type of vulnerability is CVE-2017-11283?

Can CVE-2017-11283 lead to data breaches?