CVE-2013-0632
KEV
🔴 Patch now
Authentication bypass in Adobe ColdFusion allows remote code execution.
CVSS
9.8
EPSS
92.7%
Exploit
weaponized
Vendor
adobe
Source description (NVD)
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.
auth-bypass exploit
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (actively exploited) | Yes |
| FIRST EPSS (exploit probability) | 92.7% |
| Published (NVD) | 2013-01-17 00:55:01 UTC |
| Last modified (NVD) | 2026-04-21 21:01:44 UTC |
References
- http://www.adobe.com/support/security/advisories/apsa13-01.html (psirt@adobe.com) [Mitigation, Vendor Advisory]
- http://www.adobe.com/support/security/bulletins/apsb13-03.html (psirt@adobe.com) [Broken Link, Vendor Advisory]
- http://www.exploit-db.com/exploits/30210 (psirt@adobe.com) [Exploit, Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0632 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]