CVE-2014-0570

medium

Published 2014-10-15 · Modified 2026-05-06

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@adobe.com — http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html

Application impact

Vendor	Product	Versions
adobe	coldfusion	`9.0`
adobe	coldfusion	`9.0.1`
adobe	coldfusion	`9.0.2`
adobe	coldfusion	`10.0`
adobe	coldfusion	`11.0`

References

http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html
http://www.securitytracker.com/id/1031020
http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html
http://www.securitytracker.com/id/1031020

CWEs

CWE-352

Verify integrity in audit chain (admin only). AS-IS.