What is the severity of CVE-2018-15958?

The severity of CVE-2018-15958 is critical with a CVSS score of 9.8.

What is the affected software for CVE-2018-15958?

The affected software for CVE-2018-15958 is Adobe ColdFusion versions 11.0 and 2016, including various updates.

How can CVE-2018-15958 be exploited?

CVE-2018-15958 can be exploited through deserialization of untrusted data, leading to arbitrary code execution.

Are there any patches or updates available for CVE-2018-15958?

Yes, Adobe has released updates to address the vulnerability. Please refer to the Adobe Security Bulletin APSB18-33 for more information.

Where can I find more information about CVE-2018-15958?

You can find more information about CVE-2018-15958 on the following websites: SecurityFocus, SecurityTracker, and the Adobe Security Bulletin APSB18-33.

Vulnerability/
CVE-2018-15958

critical

CWE

502

25/9/2018

5/8/2024

CVE-2018-15958

First published: Tue Sep 25 2018(Updated: )

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe ColdFusion	=11.0
Adobe ColdFusion	=11.0-update1
Adobe ColdFusion	=11.0-update10
Adobe ColdFusion	=11.0-update11
Adobe ColdFusion	=11.0-update12
Adobe ColdFusion	=11.0-update13
Adobe ColdFusion	=11.0-update14
Adobe ColdFusion	=11.0-update2
Adobe ColdFusion	=11.0-update3
Adobe ColdFusion	=11.0-update4
Adobe ColdFusion	=11.0-update5
Adobe ColdFusion	=11.0-update6
Adobe ColdFusion	=11.0-update7
Adobe ColdFusion	=11.0-update8
Adobe ColdFusion	=11.0-update9
Adobe ColdFusion	=2016
Adobe ColdFusion	=2016-update1
Adobe ColdFusion	=2016-update2
Adobe ColdFusion	=2016-update3
Adobe ColdFusion	=2016-update4
Adobe ColdFusion	=2016-update5
Adobe ColdFusion	=2016-update6
Adobe ColdFusion	=2018

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-15958?
The severity of CVE-2018-15958 is critical with a CVSS score of 9.8.
What is the affected software for CVE-2018-15958?
The affected software for CVE-2018-15958 is Adobe ColdFusion versions 11.0 and 2016, including various updates.
How can CVE-2018-15958 be exploited?
CVE-2018-15958 can be exploited through deserialization of untrusted data, leading to arbitrary code execution.
Are there any patches or updates available for CVE-2018-15958?
Yes, Adobe has released updates to address the vulnerability. Please refer to the Adobe Security Bulletin APSB18-33 for more information.
Where can I find more information about CVE-2018-15958?
You can find more information about CVE-2018-15958 on the following websites: SecurityFocus, SecurityTracker, and the Adobe Security Bulletin APSB18-33.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/author
agent/references
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/adobe
canonical/adobe coldfusion
version/adobe coldfusion/11.0
version/adobe coldfusion/11.0-update1
version/adobe coldfusion/11.0-update10
version/adobe coldfusion/11.0-update11
version/adobe coldfusion/11.0-update12
version/adobe coldfusion/11.0-update13
version/adobe coldfusion/11.0-update14
version/adobe coldfusion/11.0-update2
version/adobe coldfusion/11.0-update3
version/adobe coldfusion/11.0-update4
version/adobe coldfusion/11.0-update5
version/adobe coldfusion/11.0-update6
version/adobe coldfusion/11.0-update7
version/adobe coldfusion/11.0-update8
version/adobe coldfusion/11.0-update9
version/adobe coldfusion/2016
version/adobe coldfusion/2016-update1
version/adobe coldfusion/2016-update2
version/adobe coldfusion/2016-update3
version/adobe coldfusion/2016-update4
version/adobe coldfusion/2016-update5
version/adobe coldfusion/2016-update6
version/adobe coldfusion/2018