WEB APPLICATION VULNERABILITIES Standard & Premium

ColdFusion Access Control bypass (CVE-2023-29298/CVE-2023-38205)

Description

Due to the vulnerability in ColdFusion's access control, an unauthenticated attacker might access the administration CFM and CFC endpoints.

Remediation

Upgrade to the latest version of Adobe ColdFusion

References

Security updates available for Adobe ColdFusion | APSB23-47

Related Vulnerabilities

Oracle Database Server CVE-2015-4925 Vulnerability (CVE-2015-4925)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7002)

Plone CMS Resource Management Errors Vulnerability (CVE-2012-5506)

Oracle Database Server CVE-2007-5510 Vulnerability (CVE-2007-5510)

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-1280)

Severity

High

Classification

CVE-2023-29298 CVE-2023-38205 CWE-284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Known Vulnerabilities