CVE-2019-7091

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Link	Resource
https://helpx.adobe.com/security/products/coldfusion/apsb19-10.html	Vendor Advisory

Configuration 1

cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2016:-:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:11.0:update1:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:11.0:update10:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:11.0:update11:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:11.0:update12:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:11.0:update13:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:11.0:update14:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:11.0:update15:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:11.0:update2:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:11.0:update3:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:11.0:update4:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:11.0:update5:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:11.0:update6:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:11.0:update7:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:11.0:update8:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:11.0:update9:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2016:update1:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2016:update2:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2016:update3:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2016:update4:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2016:update5:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2016:update6:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2016:update7:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update1:*:*:*:*:*:*

---

Published : 2019-05-24 07:29

Updated : 2020-09-04 02:21

---

NVD link : CVE-2019-7091

Mitre link : CVE-2019-7091

No products.

CWE-502

Deserialization of Untrusted Data