Critical severity9.8CISA KEVNVD Advisory· Published Apr 27, 2017· Updated Apr 22, 2026
CVE-2017-3066
CVE-2017-3066
Description
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution.
Affected products
39cpe:2.3:a:adobe:coldfusion:10.0:-:*:*:*:*:*:*+ 38 more
- cpe:2.3:a:adobe:coldfusion:10.0:-:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update1:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update10:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update11:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update12:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update13:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update14:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update15:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update16:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update17:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update18:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update19:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update2:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update20:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update21:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update22:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update3:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update4:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update5:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update6:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update7:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update8:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:update9:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update1:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update10:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update11:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update2:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update3:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update4:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update5:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update6:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update7:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update8:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update9:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:2016:-:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:2016:update1:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:2016:update2:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:2016:update3:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- helpx.adobe.com/security/products/coldfusion/apsb17-14.htmlnvdPatchVendor Advisory
- www.exploit-db.com/exploits/43993/nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/98003nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1038364nvdBroken LinkThird Party AdvisoryVDB Entry
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.