CVE DATABASE / CVE-2004-2204
CVE-2004-2204
CVSS 7.2 · HIGH
Summary
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
CVSS 2.0 breakdown
| Base score | 7.2 (HIGH) |
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Confidentiality | COMPLETE |
| Integrity | COMPLETE |
| Availability | COMPLETE |
Affected products
Macromedia coldfusion
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://secunia.com/advisories/12693
- http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html
- http://www.osvdb.org/10718
- http://www.securityfocus.com/archive/1/377213
- http://www.securityfocus.com/bid/11364
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17567
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.