VDB
CVE-2024-41874
CVE-2024-41874
PUBLISHED
Es besteht eine Schwachstelle in Adobe Creative Cloud ColdFusion 2023 und 2021 aufgrund der Deserialisierung von nicht vertrauenswürdigen Daten. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen.
EPSS 35.33% · 97.1th percentile
Risk Scores
EPSS Score
35.33%
97.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Adobe Creative Cloud ColdFusion 2021 <16 | |
| Adobe | Adobe Creative Cloud ColdFusion 2023 <10 |
Timeline
- Sep 10, 2024 CVE Published
- Sep 13, 2024 PoC Published
- Sep 14, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 23, 2024 EPSS Score
- Nov 12, 2024 EPSS Score
- Dec 23, 2024 EPSS Score
- Jan 31, 2025 EPSS Score
- Mar 12, 2025 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2115.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2115 advisory
- https://helpx.adobe.com/security/products/media-encoder/apsb24-53.html advisory
- https://helpx.adobe.com/security/products/audition/apsb24-54.html advisory
- https://helpx.adobe.com/security/products/after_effects/apsb24-55.html advisory
- https://helpx.adobe.com/security/products/premiere_pro/apsb24-58.html advisory
- https://helpx.adobe.com/security/products/illustrator/apsb24-66.html advisory
- https://helpx.adobe.com/security/products/coldfusion/apsb24-71.html advisory