November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – Emotet Malspam Campaign Uses Snowden’s New Book as Lure
September 24, 2019Rewterz Threat Alert – MegaCortex Ransomware V.2
September 25, 2019Rewterz Threat Alert – Emotet Malspam Campaign Uses Snowden’s New Book as Lure
September 24, 2019Rewterz Threat Alert – MegaCortex Ransomware V.2
September 25, 2019
Severity
High
- Analysis Summary
CVE-2019-8072
The vulnerability allows a remote attacker to gain access to potentially sensitive information. The vulnerability exists due to unspecified error. A remote attacker can gain unauthorized access to sensitive information on the system.
CVE-2019-8073
The vulnerability allows a remote attacker to execute arbitrary commands on the system. The vulnerability exists due to unspecified error, related to usage of a third-party vulnerable component. A remote non-authenticated attacker can inject and execute arbitrary OS commands on the system.
CVE-2019-8074
The vulnerability allows a remote attacker to perform directory traversal attacks. The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Impact
- Information Disclosure
- Arbitrary code execution
- Access Control Bypass
Affected Vendors
Adobe
Affected Products
- Adobe ColdFusion 2016 update 11 and earlier
- Adobe ColdFusion 2018 update 4 and earlier
Remediation
Install updates from vendor’s website.
https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html