CVE-2022-38420 HIGH

CVE-2022-38420: Adobe ColdFusion Use of Hard-coded Credentials Application denial-of-service

Vendor Adobe
Product ColdFusion
Weakness CWE-798 · Hardcoded credentials
Published October 14, 2022
Last update April 23, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction.

Key dates

02Disclosure timeline

October 14, 2022 CVE published
April 23, 2025 Record updated