CVE-2004-2331

MEDIUM5.5

Description

ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

macromedia / coldfusion6.1 – 6.1
macromedia / coldfusion6.1 – 6.1

References

MISChttp://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/14984
MISChttp://www.securityfocus.com/bid/9521
VENDOR_ADVISORYhttp://secunia.com/advisories/10743/