Adobe ColdFusion < 2018.x < 2018 Update 16 / 2021.x < 2021 Update 6 Multiple Vulnerabilities (APSB23-25)

critical Nessus Plugin ID 172595

Language:

Version 1.5 Aug 22, 2023, 10:11 AM Exploit attributes ("Exploit framework metasploit" set to "True". "Exploited by malware" set to "True") CISA reference Plugin Feed: 202308221011
Version 1.4 Jul 13, 2023, 8:04 PM IAVM reference Plugin Feed: 202307132004
Version 1.3 Mar 24, 2023, 1:54 PM CVSS metrics ("CVSSv2 score" changed from "7.5" to "10.0". "CVSSv2 score" changed from "7.5" to "10.0". "CVSSv2 score" changed from "7.5" to "10.0". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") Plugin Feed: 202303241354
Version 1.2 Mar 16, 2023, 10:11 PM IAVM reference STIG Severity (set to "I") Plugin Feed: 202303162211
Version 1.1 Mar 16, 2023, 6:35 PM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202303161835
Version 1.0 Mar 16, 2023, 12:00 PM New Plugin Feed: 202303161200

* Changelogs are generally available for changes made after Nov 1, 2022