CVE-2022-42340 HIGH

CVE-2022-42340: Adobe ColdFusion Improper Input Validation Arbitrary file system read

Vendor Adobe

Product ColdFusion

Weakness CWE-20 · Input validation

Published October 14, 2022

Last update April 23, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.

Key dates

02Disclosure timeline

October 14, 2022 CVE published

April 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-42340

Related vulnerabilities

Identifiers

CVE CVE-2022-42340

CWE CWE-20

CVSS 7.5 / HIGH

Affected versions

Vendor Adobe

Product ColdFusion

Affected ≥ unspecified and ≤ CF2021U4

Vendor Adobe

Product ColdFusion

Affected ≥ unspecified and ≤ CF2018u14

Vendor Adobe

Product ColdFusion

Affected ≥ unspecified and ≤ None

CVE-2022-42340: Adobe ColdFusion Improper Input Validation Arbitrary file system read

01Description

02Disclosure timeline

03References

04Related CVE