vulnerability

APSB16-30: Security updates available for ColdFusion (CVE-2016-4264)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	Sep 1, 2016	Jun 21, 2019	Mar 19, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Sep 1, 2016

Added

Jun 21, 2019

Modified

Mar 19, 2026

Description

The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Solutions

adobe-coldfusion-10-update-21adobe-coldfusion-11-update-10

References

CVE-2016-4264
https://attackerkb.com/topics/CVE-2016-4264
CWE-611
DISA_SEVERITY-Category I
IAVM-2016-A-0220
URL-https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today