Home
Mapping Frameworks
Known Exploited Vulnerabilities Home
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Known Exploited Vulnerabilities CVE-2018-4939

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
CVE-2018-4939	Adobe ColdFusion Deserialization of Untrusted Data Vulnerability	primary_impact	T1190	Exploit Public-Facing Application	Comments As referenced in the attached report, T1190 is a known impact of this exploit. References https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF
CVE-2018-4939	Adobe ColdFusion Deserialization of Untrusted Data Vulnerability	primary_impact	T1133	External Remote Services	Comments As referenced in the attached report, T1133 is a known impact of this exploit. References https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF
CVE-2018-4939	Adobe ColdFusion Deserialization of Untrusted Data Vulnerability	exploitation_technique	T1203	Exploitation for Client Execution	Comments This deserialization vulnerability allows adversaries to insert their own objects into client software for potential execution. References https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF