CVE-2022-42340

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.

Published: Oct 14, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-42340
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
adobe / coldfusion	2018	2018.x
adobe / coldfusion	2018-update1	2018-update1.x
adobe / coldfusion	2018-update2	2018-update2.x
adobe / coldfusion	2018-update3	2018-update3.x
adobe / coldfusion	2018-update4	2018-update4.x
adobe / coldfusion	2018-update5	2018-update5.x
adobe / coldfusion	2018-update6	2018-update6.x
adobe / coldfusion	2018-update7	2018-update7.x
adobe / coldfusion	2018-update8	2018-update8.x
adobe / coldfusion	2018-update9	2018-update9.x
adobe / coldfusion	2018-update10	2018-update10.x
adobe / coldfusion	2021	2021.x
adobe / coldfusion	2021-update1	2021-update1.x
adobe / coldfusion	2021-update2	2021-update2.x
adobe / coldfusion	2021-update3	2021-update3.x
adobe / coldfusion	2018-update13	2018-update13.x
adobe / coldfusion	2018-update12	2018-update12.x
adobe / coldfusion	2018-update11	2018-update11.x
adobe / coldfusion	2021-update4	2021-update4.x
adobe / coldfusion	2018-update14	2018-update14.x

https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html

Vulnerability Database

289,697

CVE-2022-42340