CVE-2018-4939

CRITICAL KEV

Adobe ColdFusion - Insecure Deserialization

Title source: rule

Description

Adobe ColdFusion Update 5 and earlier versions, and ColdFusion 11 Update 13 and earlier versions, have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.

Scores

CVSS v3 9.8
EPSS 0.7680
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2021-11-03
VulnCheck KEV 2020-10-20
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2018-16724

Classification

CWE
CWE-502
Status published

Affected Products (20)

adobe/coldfusion (15 entries listed)
... and 5 more

Timeline

Published May 19, 2018
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026