CVE-2004-2331

CVSS 5.5 - MEDIUM
Description

ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.

Affected Products
2
Vendor Product Version
macromedia coldfusion 6.1
macromedia coldfusion 6.1
References
http://secunia.com/advisories/10743/
http://www.macromedia.com/devnet/security/security...
http://www.securityfocus.com/bid/9521
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
http://secunia.com/advisories/10743/
http://www.macromedia.com/devnet/security/security...
http://www.securityfocus.com/bid/9521
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
Weakness Types
CWE-470
CVE Information
CVE ID:
CVE-2004-2331
Published:
2004-12-31
Modified:
2026-04-16
CVSS Score:
5.5
Severity:
MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Vendors
macromedia
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL