Vulnerability Details : CVE-2004-2331
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
Products affected by CVE-2004-2331
- cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:coldfusion:6.1:*:j2ee_application_server:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-2331
- 0.04%: Probability of exploitation activity in the next 30 days
- ~6%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-2331
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST | 2024-01-25 |
CWE ids for CVE-2004-2331
- The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code. Assigned by: nvd@nist.gov (Primary)
References for CVE-2004-2331
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14984
  Adobe Macromedia ColdFusion MX 6.1 Access Control Flaw Sandbox Security bypass CVE-2004-2331 Vulnerability Report
  Third Party Advisory; VDB Entry
- http://secunia.com/advisories/10743/
  About Secunia Research | Flexera
  URL Repurposed
- http://www.securityfocus.com/bid/9521
  Broken Link; Patch; Third Party Advisory; VDB Entry
- http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html
  Patch; Vendor Advisory