Vulnerability identifier: #VU6375

Vulnerability risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-3066

CWE-ID: CWE-502

Exploitation vector: Network

Exploits in database: 2

• June 17, 2021
  • Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution [Exploit-DB]
• March 18, 2020
  • ColdFusionPwn (Exploitation Tool for CVE-2017-3066 targeting Adobe Coldfusion 11/12) [Github]

Impact: Information disclosure and data manipulation

Vulnerable software:
ColdFusion
Server applications / Application servers

Vendor: Adobe