CVE-2013-0625

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute...

Basic Information

CVE State: PUBLISHED
Reserved Date: December 18, 2012
Published Date: January 09, 2013
Last Updated: February 04, 2025
Vendor: n/a
Product: n/a
Description: Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-03-07 00:00:00 UTC) Source

References

http://www.securityfocus.com/bid/57164 http://www.adobe.com/support/security/bulletins/apsb13-03.html http://www.adobe.com/support/security/advisories/apsa13-01.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-03-07 00:00:00 UTC