Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00012
Percentile: 0.01244

CVSS Scoring

Affected Products

• cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*

← Back to Home