Adobe ColdFusion < 11.x < 11u16 / 2016.x < 2016u8 / 2018.x < 2018u2 Multiple Vulnerabilities (APSB19-10)
High Nessus Plugin ID 122236
SynopsisA web-based application running on the remote host is affected by multiple vulnerabilities.
DescriptionThe version of Adobe ColdFusion installed on the remote Windows host is prior to 11.x update 16, 2016.x update 8, or 2018.x update 2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB19-10 advisory.
- Deserialization of untrusted data potentially leading to Arbitrary code execution (CVE-2019-7091)
- Cross site scripting potentially leading to Information Disclosure (CVE-2019-7092)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpdate to Adobe ColdFusion version 11 update 16 / 2016 update 8 / 2018 update 2 or later.