Is CVE-2013-0632 exploitable?

Yes — CVE-2013-0632 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it is confirmed exploited in the wild.

Is CVE-2013-0632 a false positive?

No practitioners have marked CVE-2013-0632 a false positive so far (2 verdicts).

How do I remediate CVE-2013-0632?

See the authoritative references (NVD, vendor advisory) and community field notes on this page for remediation guidance.

CVE-2013-0632

Incorrect Default Permissions — is CVE-2013-0632real, exploitable, or a false positive? Here's the community ground truth.

☆ Watch

Critical · CVSS 9.8EPSS 93.7%CISA KEVCWE-276 · Incorrect Default Permissions

Affected:Adobe

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.

References

NVD MITRE CVE.org CISA KEV

Published Jan 17, 2013

Embed this verdict

Markdown

[![TruePositive verdict](https://www.truepositive.app/cve/CVE-2013-0632/badge.svg)](https://www.truepositive.app/cve/CVE-2013-0632)

HTML

<a href="https://www.truepositive.app/cve/CVE-2013-0632"><img src="https://www.truepositive.app/cve/CVE-2013-0632/badge.svg" alt="TruePositive verdict for CVE-2013-0632"></a>

Live badge — updates automatically as the community verdict changes.

Community ground truth

Community verdict

2 verdicts

Not a real issue

to add your verdict.

Community real-world severity: Critical (Critical 2) — CVSS base score 9.8

In line with its CVSS base score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

No notes yet — be the first to share what you saw or a fix that worked.