

Rewterz Threat Alert – Emotet Malspam Campaign Uses Snowden’s New Book as Lure
September 24, 2019
Rewterz Threat Alert – MegaCortex Ransomware V.2
September 25, 2019
Rewterz Threat Alert – Emotet Malspam Campaign Uses Snowden’s New Book as Lure
September 24, 2019
Rewterz Threat Alert – MegaCortex Ransomware V.2
September 25, 2019Severity
High
- Analysis Summary
CVE-2019-8072
The vulnerability allows a remote attacker to gain access to potentially sensitive information. The vulnerability exists due to unspecified error. A remote attacker can gain unauthorized access to sensitive information on the system.
CVE-2019-8073
The vulnerability allows a remote attacker to execute arbitrary commands on the system. The vulnerability exists due to unspecified error, related to usage of a third-party vulnerable component. A remote non-authenticated attacker can inject and execute arbitrary OS commands on the system.
CVE-2019-8074
The vulnerability allows a remote attacker to perform directory traversal attacks. The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Impact
- Information Disclosure
- Arbitrary code execution
- Access Control Bypass
Affected Vendors
Adobe
Affected Products
- Adobe ColdFusion 2016 update 11 and earlier
- Adobe ColdFusion 2018 update 4 and earlier
Remediation
Install updates from vendor’s website.
https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html