First published: Sat May 19 2018
Adobe ColdFusion 2016 Update 5 and earlier versions and ColdFusion 11 Update 13 and earlier versions have an exploitable unsafe XML external entity (XXE) processing vulnerability. Successful exploitation could lead to information disclosure.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe ColdFusion | =11.0 | |
Adobe ColdFusion | =11.0-update1 | |
Adobe ColdFusion | =11.0-update10 | |
Adobe ColdFusion | =11.0-update11 | |
Adobe ColdFusion | =11.0-update12 | |
Adobe ColdFusion | =11.0-update13 | |
Adobe ColdFusion | =11.0-update2 | |
Adobe ColdFusion | =11.0-update3 | |
Adobe ColdFusion | =11.0-update4 | |
Adobe ColdFusion | =11.0-update5 | |
Adobe ColdFusion | =11.0-update6 | |
Adobe ColdFusion | =11.0-update7 | |
Adobe ColdFusion | =11.0-update8 | |
Adobe ColdFusion | =11.0-update9 | |
Adobe ColdFusion | =2016 | |
Adobe ColdFusion | =2016-update1 | |
Adobe ColdFusion | =2016-update2 | |
Adobe ColdFusion | =2016-update3 | |
Adobe ColdFusion | =2016-update4 | |
Adobe ColdFusion | =2016-update5 | |
CVE-2018-4942 is considered high severity due to its exploitable Unsafe XML External Entity Processing vulnerability.
To fix CVE-2018-4942, update your Adobe ColdFusion to the latest version available that includes the security patch.
CVE-2018-4942 affects Adobe ColdFusion 2016 Update 5 and earlier, and ColdFusion 11 Update 13 and earlier.
Exploitation of CVE-2018-4942 could lead to information disclosure, potentially exposing sensitive data.
There are no specific workarounds for CVE-2018-4942, and updating ColdFusion is the recommended action.