Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2204

Description

Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.

Affected products

Macromedia/Coldfusion2 versions
cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/12693nvdVendor Advisory
www.macromedia.com/devnet/security/security_zone/mpsb04-10.htmlnvdVendor Advisory
www.osvdb.org/10718nvd
www.securityfocus.com/archive/1/377213nvd
www.securityfocus.com/bid/11364nvd
exchange.xforce.ibmcloud.com/vulnerabilities/17567nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000