CVE-2004-2331

Sažetak

ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.

Reference

http://secunia.com/advisories/10743/
http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html
http://www.securityfocus.com/bid/9521
https://exchange.xforce.ibmcloud.com/vulnerabilities/14984

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

25-01-2024 - 02:16

Objavljeno

31-12-2004 - 05:00