Medium severity5.5NVD Advisory· Published Dec 31, 2004· Updated Jun 16, 2026
CVE-2004-2331
CVE-2004-2331
Description
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:coldfusion:6.1:*:j2ee_application_server:*:*:*:*:*
Patches
Vulnerability mechanics
References
4- www.macromedia.com/devnet/security/security_zone/mpsb04-01.htmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/9521nvdBroken LinkPatchThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/14984nvdThird Party AdvisoryVDB Entry
- secunia.com/advisories/10743/nvdURL Repurposed
News mentions
0No linked articles in our index yet.