CVE-2017-11285

Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/100711	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039321	Third Party Advisory VDB Entry
https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html	Mitigation Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:coldfusion:11.0:-::::::
	cpe:2.3:a:adobe:coldfusion:11.0:update1::::::
	cpe:2.3:a:adobe:coldfusion:11.0:update10::::::
	cpe:2.3:a:adobe:coldfusion:11.0:update11::::::
	cpe:2.3:a:adobe:coldfusion:11.0:update12::::::
	cpe:2.3:a:adobe:coldfusion:11.0:update2::::::
	cpe:2.3:a:adobe:coldfusion:11.0:update3::::::
	cpe:2.3:a:adobe:coldfusion:11.0:update4::::::
	cpe:2.3:a:adobe:coldfusion:11.0:update5::::::
	cpe:2.3:a:adobe:coldfusion:11.0:update6::::::
	cpe:2.3:a:adobe:coldfusion:11.0:update7::::::
	cpe:2.3:a:adobe:coldfusion:11.0:update8::::::
	cpe:2.3:a:adobe:coldfusion:11.0:update9::::::
	cpe:2.3:a:adobe:coldfusion:2016:-::::::
	cpe:2.3:a:adobe:coldfusion:2016:update1::::::
	cpe:2.3:a:adobe:coldfusion:2016:update2::::::
	cpe:2.3:a:adobe:coldfusion:2016:update3::::::
	cpe:2.3:a:adobe:coldfusion:2016:update4::::::

History

No history.

Information

Published : 2017-12-01 08:29

Updated : 2024-02-04 19:29

NVD link : CVE-2017-11285

Mitre link : CVE-2017-11285

CVE.ORG link : CVE-2017-11285

JSON object : View

Products Affected

adobe

coldfusion

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2017-11285", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-12-01T08:29:00.373", "references": [{"url": "http://www.securityfocus.com/bid/100711", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://www.securitytracker.com/id/1039321", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11."}, {"lang": "es", "value": "Adobe ColdFusion tiene una vulnerabilidad de Cross-Site Scripting (XSS). Esto afecta al Update 4 y a versiones anteriores para ColdFusion 2016 y al Update 12 y versiones anteriores para ColdFusion 11."}], "lastModified": "2020-09-04T14:09:38.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E217CE63-07DC-4A88-8877-181F33A21C20"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D4BD25E-6856-40EC-98A8-ACB540992487"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F0907E8-7BC4-4F5A-894C-B7C5F6BAAEAE"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFE18FEA-271A-42FE-8C24-19731DEB5444"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15F7DCF1-D9F2-45C0-B089-E37C91579729"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82F81CF8-1482-4731-AD34-677B8D6B930B"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57BBBE71-BBE0-4129-B997-3F9AF54BFBD8"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E514D95-9287-4A43-9A44-BD6F8EDC5DA8"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96C50CD1-CE75-4D70-AD65-2DB6027D806A"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE1B1190-4699-4FB0-AD46-DF0233B5BA90"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "827CB550-5078-4FD5-8B1F-616C06912AD9"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31F22450-F26C-4797-9292-66CA444C0D2C"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72450205-B4F4-4B44-9991-F4876D829BBD"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2016:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B262F442-FF7F-4CC0-A9C5-FFD0EDB08E38"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2016:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F3D7C8E-6695-44DF-AC9A-1AE09C46C529"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2016:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12BAE66C-A745-4661-B5BB-7FC2C169CC82"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2016:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6EC92F3-1EF8-4820-9CD8-ECEA03D27A7B"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2016:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7446D70-D616-4EC1-BC64-41CDE56EFEAE"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}