Vulnerability Details : CVE-2004-2331
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
Exploit prediction scoring system (EPSS) score for CVE-2004-2331
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-2331
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2004-2331
-
The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.Assigned by: nvd@nist.gov (Primary)
References for CVE-2004-2331
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/14984
Adobe Macromedia ColdFusion MX 6.1 Access Control Flaw Sandbox Security bypass CVE-2004-2331 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://secunia.com/advisories/10743/
About Secunia Research | FlexeraURL Repurposed
-
http://www.securityfocus.com/bid/9521
Broken Link;Patch;Third Party Advisory;VDB Entry
-
http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html
Patch;Vendor Advisory
Products affected by CVE-2004-2331
- cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:coldfusion:6.1:*:j2ee_application_server:*:*:*:*:*