{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-40698", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2021-09-08T16:58:12.651Z", "datePublished": "2023-09-07T12:54:33.320Z", "dateUpdated": "2024-09-04T20:07:49.774Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "2018.11", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2021-09-14T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass\u202f\u202f. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment. "}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.4, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "LOW", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 7.4, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-242", "description": "Use of Inherently Dangerous Function (CWE-242)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2023-09-07T12:54:33.320Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html"}], "source": {"discovery": "EXTERNAL"}, "title": "ColdFusion Use of Inherently Dangerous Function Leads To Security feature bypass\u202f\u202f"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:51:07.012Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html"}]}, {"affected": [{"vendor": "adobe", "product": "coldfusion", "cpes": ["cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2018.11", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T20:07:45.781377Z", "id": "CVE-2021-40698", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T20:07:49.774Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:51:07.012Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-40698", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-04T20:07:45.781377Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*"], "vendor": "adobe", "product": "coldfusion", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2018.11"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T20:06:12.496Z"}}], "cna": {"title": "ColdFusion Use of Inherently Dangerous Function Leads To Security feature bypass\u202f\u202f", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "modifiedScope": "NOT_DEFINED", "temporalScore": 7.4, "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "HIGH", "availabilityImpact": "LOW", "environmentalScore": 7.4, "privilegesRequired": "LOW", "exploitCodeMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NETWORK", "confidentialityImpact": "LOW", "environmentalSeverity": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedIntegrityImpact": "LOW", "modifiedUserInteraction": "NONE", "modifiedAttackComplexity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAvailabilityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedConfidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "ColdFusion", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2018.11"}], "defaultStatus": "affected"}], "datePublic": "2021-09-14T17:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass\u202f\u202f. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment. "}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-242", "description": "Use of Inherently Dangerous Function (CWE-242)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2023-09-07T12:54:33.320Z"}}}, "cveMetadata": {"cveId": "CVE-2021-40698", "state": "PUBLISHED", "dateUpdated": "2024-09-04T20:07:49.774Z", "dateReserved": "2021-09-08T16:58:12.651Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2023-09-07T12:54:33.320Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*", "matchCriteriaId": "1280A922-1722-4AEC-9D84-275B6FC91C80", "versionEndExcluding": "2018", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:*", "matchCriteriaId": "3B54B2B0-B1E1-4B4E-A529-D0BD3B5DEEF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update1:*:*:*:*:*:*", "matchCriteriaId": "EDB126BF-E09D-4E58-A39F-1190407D1CAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update10:*:*:*:*:*:*", "matchCriteriaId": "8DDD85DF-69A0-476F-8365-CD67C75CF0CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update2:*:*:*:*:*:*", "matchCriteriaId": "59649177-81EE-43C3-BFA5-E56E65B486DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update3:*:*:*:*:*:*", "matchCriteriaId": "453B96ED-738A-4642-B461-C5216CF45CA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update4:*:*:*:*:*:*", "matchCriteriaId": "58D32489-627B-4E49-9329-8A3B8F8E4903", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update5:*:*:*:*:*:*", "matchCriteriaId": "6D5860E1-D293-48FE-9796-058B78B2D571", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update6:*:*:*:*:*:*", "matchCriteriaId": "9F9336CC-E38F-4BCB-83CD-805EC7FEF806", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update7:*:*:*:*:*:*", "matchCriteriaId": "97964507-047A-4CC8-8D2B-0EA0C7F9BD50", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update8:*:*:*:*:*:*", "matchCriteriaId": "82208628-F32A-4380-9B0F-DC8507E7701D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update9:*:*:*:*:*:*", "matchCriteriaId": "1563CE5E-A4F7-40A4-A050-BB96E332D8DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*", "matchCriteriaId": "7A94B406-C011-4673-8C2B-0DD94D46CC4C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass\u202f\u202f. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment. "}, {"lang": "es", "value": "ColdFusion versi\u00f3n 2021 update 1 (y anteriores) y las versiones 2018.10 (y anteriores) se ven afectadas por una vulnerabilidad de uso de funciones inherentemente peligrosas que puede provocar una omisi\u00f3n de caracter\u00edstica de seguridad (previsiblemente). Un atacante autenticado podr\u00eda aprovechar esta vulnerabilidad para obtener acceso y manipular datos arbitrarios en el entorno."}], "id": "CVE-2021-40698", "lastModified": "2024-11-21T06:24:35.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 3.7, "source": "psirt@adobe.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 3.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-07T13:15:07.160", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-242"}], "source": "psirt@adobe.com", "type": "Secondary"}]}

{}

{}