Armis Vulnerability Intelligence Database

Description Preview

The vulnerability identified as CVE-2018-15961 affects specific versions of Adobe ColdFusion, including the July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier. This vulnerability enables attackers to upload files without any restrictions, which could be exploited to execute arbitrary code on the affected system. Successful exploitation of this vulnerability could have severe consequences, including unauthorized access, data manipulation, and potential system compromise.

Overview

This vulnerability in Adobe ColdFusion versions allows for unrestricted file upload, posing a significant risk of arbitrary code execution. The affected versions include the July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier. The issue was made public on September 11, 2018, and has a CVE ID of CVE-2018-15961. The severity of this vulnerability is critical, with a CVSS base score of 9.8.

Remediation

To mitigate the risk posed by this vulnerability, Adobe recommends updating the affected ColdFusion versions to a secure release that addresses the unrestricted file upload issue. Users should apply the necessary security patches provided by Adobe to prevent potential exploitation. Additionally, organizations should implement proper security measures, such as restricting file upload capabilities and monitoring for any suspicious activities related to file uploads.

References

Adobe Security Bulletin APSB18-33: Link
SecurityFocus BID: Link
SecurityTracker ID: Link
Exploit Database: Link
CWE-434 Unrestricted Upload of File with Dangerous Type: This CWE entry provides additional information on the type of vulnerability present in the affected ColdFusion versions.

Early Warning

Armis Early Warning customers received an advanced alert on this vulnerability.

Armis Alert Date: Sep 12, 2018
CISA KEV Date: Nov 3, 2021

1148days early

Learn More

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

Health Care & Social Assistance
Health Care & Social Assistance
Manufacturing
Manufacturing
Educational Services
Educational Services
Finance and Insurance
Finance and Insurance
Management of Companies & Enterprises
Management of Companies & Enterprises
Transportation & Warehousing
Transportation & Warehousing
Accommodation & Food Services
Accommodation & Food Services
Administrative, Support, Waste Management & Remediation Services
Administrative, Support, Waste Management & Remediation Services
Agriculture, Forestry Fishing & Hunting
Agriculture, Forestry Fishing & Hunting
Arts, Entertainment & Recreation
Arts, Entertainment & Recreation
Construction
Construction
Information
Information
Mining
Mining
Other Services (except Public Administration)
Other Services (except Public Administration)
Professional, Scientific, & Technical Services
Professional, Scientific, & Technical Services
Public Administration
Public Administration
Real Estate Rental & Leasing
Real Estate Rental & Leasing
Retail Trade
Retail Trade
Utilities
Utilities
Wholesale Trade
Wholesale Trade

^{CVE-2018-15961:}CVE-2018-15961 is a vulnerability in Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier that allows for unrestricted file upload, potentially leading to arbitrary code execution.