Description

ColdFusion FlashGateway is vulnerable to deserialization attacks. An attacker could exploit this vulnerability using specially-crafted serialized data to execute arbitrary code on the system.

Remediation

Upgrade to the latest version of ColdFusion

References

APSB19-10

Related Vulnerabilities

MobileIron Log4Shell RCE

Check for apache versions up to 1.3.25, 2.0.38

WordPress Plugin WP Hotel Booking Remote Code Execution (1.10.2)

Drupal Core 8.5.0 Remote Code Execution (8.5.0)

WordPress Plugin Statistics Remote Code Execution (1.8)

Severity

High

Classification

CVE-2019-7091 CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Insecure Deserialization Acumonitor