First published: Fri Oct 14 2022(Updated: )
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe ColdFusion | =2018 | |
Adobe ColdFusion | =2018-update1 | |
Adobe ColdFusion | =2018-update10 | |
Adobe ColdFusion | =2018-update11 | |
Adobe ColdFusion | =2018-update12 | |
Adobe ColdFusion | =2018-update13 | |
Adobe ColdFusion | =2018-update14 | |
Adobe ColdFusion | =2018-update2 | |
Adobe ColdFusion | =2018-update3 | |
Adobe ColdFusion | =2018-update4 | |
Adobe ColdFusion | =2018-update5 | |
Adobe ColdFusion | =2018-update6 | |
Adobe ColdFusion | =2018-update7 | |
Adobe ColdFusion | =2018-update8 | |
Adobe ColdFusion | =2018-update9 | |
Adobe ColdFusion | =2021 | |
Adobe ColdFusion | =2021-update1 | |
Adobe ColdFusion | =2021-update2 | |
Adobe ColdFusion | =2021-update3 | |
Adobe ColdFusion | =2021-update4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-38420 is a vulnerability in Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) that allows attackers to gain access to start/stop arbitrary services and cause application denial-of-service.
CVE-2022-38420 has a severity rating of 7.5 out of 10, indicating a high severity.
CVE-2022-38420 can be exploited without user interaction to gain unauthorized access to start/stop arbitrary services, which can lead to application denial-of-service.
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by CVE-2022-38420.
To mitigate CVE-2022-38420, it is recommended to update Adobe ColdFusion to a version that includes the necessary security patches as provided by Adobe.