SB2016090703 - Information disclosure in Adobe ColdFusion
Published: September 7, 2016
Description
This security bulletin contains information about 1 vulnerability.
1) Information disclosure (CVE-ID: CVE-2016-4264)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows attackers to gain access to potentially sensitive data.
The vulnerability exists due to a flaw in the XML objects analysis engine. A remote attacker can supply specially crafted XML data and obtain potentially sensitive information.
Successful exploitation of this vulnerability will allow an attacker to obtain sensitive information.
Remediation
Install the update from the vendor's website.