CVE-2013-0625

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute...

Basic Information

CVE State: PUBLISHED
Reserved Date: December 18, 2012
Published Date: January 09, 2013
Last Updated: February 04, 2025
Vendor: Adobe
Product: ColdFusion
Description: Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2022-03-07 00:00:00 UTC) Source

References

http://www.securityfocus.com/bid/57164 http://www.adobe.com/support/security/bulletins/apsb13-03.html http://www.adobe.com/support/security/advisories/apsa13-01.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-03-07 00:00:00 UTC

Timeline

CVE ID Reserved

December 18, 2012
CVE Published to Public

January 09, 2013
Added to KEVIntel

March 07, 2022