Description

Due to the vulnerability in ColdFusion's access control, an unauthenticated attacker might access the administration CFM and CFC endpoints.

Remediation

Upgrade to the latest version of Adobe ColdFusion

References

Security updates available for Adobe ColdFusion | APSB23-47

CVE-2023-29298

cve-2023-38205

Related Vulnerabilities

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1488)

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2071)

Plone CMS Use of Externally-Controlled Format String Vulnerability (CVE-2017-5524)

Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-5720)

ATutor Other Vulnerability (CVE-2014-9752)

Severity

High

Classification

CVE-2023-29298 CVE-2023-38205 CWE-284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Known Vulnerabilities