Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

ColdFusion Access Control bypass (CVE-2023-29298/CVE-2023-38205)

Description

Due to the vulnerability in ColdFusion's access control, an unauthenticated attacker might access the administration CFM and CFC endpoints.

Remediation

Upgrade to the latest version of Adobe ColdFusion

References

Security updates available for Adobe ColdFusion | APSB23-47

Related Vulnerabilities

Oracle Database Server CVE-2020-2735 Vulnerability (CVE-2020-2735)

Oracle HTTP Server Use After Free Vulnerability (CVE-2019-0211)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-4348)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2012-4557)

WebLogic CVE-2020-14645 Vulnerability (CVE-2020-14645)

Severity

High

Classification

CVE-2023-29298 CVE-2023-38205 CWE-284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Known Vulnerabilities