APP: Multiple Products RMI Framework Insecure Deserialization Remote Code Execution

An insecure deserialization vulnerability has been reported in the Flex integration service of Adobe ColdFusion and Cisco Security Manager. A remote, unauthenticated attacker can exploit this vulnerability by sending maliciously crafted serialized data to the target application. Successful exploitation could result in arbitrary code execution in the context of SYSTEM.

Extended Description

Adobe ColdFusion Update 5 and earlier versions, and ColdFusion 11 Update 13 and earlier versions, have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.

Affected Products

Adobe ColdFusion

Short Name
APP:MISC:MULTIPLE-VUL-RCE-1
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
CVE-2018-4939 CVE-2019-12630 Code Deserialization Execution Framework Insecure Multiple Products RMI Remote bid:103718
Release Date
06/28/2018
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3647
False Positive
Unknown
Vendors

Adobe

CVSS Score

7.5

10.0
