CVE-2014-0572 : Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Upda

Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows local users to bypass intended IP-based access restrictions via unspecified vectors.

Published 2014-10-15 10:55:06

Updated 2025-04-12 10:46:41

Source Adobe Systems Incorporated

View at NVD, CVE.org

Products affected by CVE-2014-0572

Adobe » Coldfusion » Version: 9.0
cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 9.0.1
cpe:2.3:a:adobe:coldfusion:9.0.1:*:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 9.0.2
cpe:2.3:a:adobe:coldfusion:9.0.2:*:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 10.0 Update Update4
cpe:2.3:a:adobe:coldfusion:10.0:update4:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 10.0 Update Update3
cpe:2.3:a:adobe:coldfusion:10.0:update3:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 10.0
cpe:2.3:a:adobe:coldfusion:10.0:*:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 10.0 Update Update1
cpe:2.3:a:adobe:coldfusion:10.0:update1:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 9.0.1 Update Update 9
cpe:2.3:a:adobe:coldfusion:9.0.1:update_9:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 9.0.2 Update Update 4
cpe:2.3:a:adobe:coldfusion:9.0.2:update_4:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 9.0 Update Update 10
cpe:2.3:a:adobe:coldfusion:9.0:update_10:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 10.0 Update Update2
cpe:2.3:a:adobe:coldfusion:10.0:update2:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 10.0 Update Update8
cpe:2.3:a:adobe:coldfusion:10.0:update8:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 9.0.2 Update Update 6
cpe:2.3:a:adobe:coldfusion:9.0.2:update_6:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 10.0 Update Update12
cpe:2.3:a:adobe:coldfusion:10.0:update12:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 10.0 Update Update11
cpe:2.3:a:adobe:coldfusion:10.0:update11:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 11.0
cpe:2.3:a:adobe:coldfusion:11.0:*:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 9.0.1 Update Update 11
cpe:2.3:a:adobe:coldfusion:9.0.1:update_11:*:*:*:*:*:*
Matching versions
Adobe » Coldfusion » Version: 9.0 Update Update 12
cpe:2.3:a:adobe:coldfusion:9.0:update_12:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-0572

EPSS FAQ

0.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 37 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-0572

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-0572

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-0572

http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html

Adobe Security Bulletin
Patch;Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1031020

Adobe ColdFusion Bugs Let Local Users Bypass Access Controls and Remote Users Conduct Cross-Site Scripting and Cross-Site Request ForgeryAttacks - SecurityTracker

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-0572

Products affected by CVE-2014-0572

Exploit prediction scoring system (EPSS) score for CVE-2014-0572

CVSS scores for CVE-2014-0572

CWE ids for CVE-2014-0572

References for CVE-2014-0572