WEB APPLICATION VULNERABILITIES Standard & Premium

ColdFusion Access Control bypass (CVE-2023-29298/CVE-2023-38205)

Description

Due to the vulnerability in ColdFusion's access control, an unauthenticated attacker might access the administration CFM and CFC endpoints.

Remediation

Upgrade to the latest version of Adobe ColdFusion

References

Security updates available for Adobe ColdFusion | APSB23-47

Related Vulnerabilities

OpenSSL Improper Input Validation Vulnerability (CVE-2010-0433)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1835)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2609)

phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-1927)

Plone CMS Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-28736)

Severity

High

Classification

CVE-2023-29298 CVE-2023-38205 CWE-284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Known Vulnerabilities