Description

Due to the vulnerability in ColdFusion's access control, an unauthenticated attacker might access the administration CFM and CFC endpoints.

Remediation

Upgrade to the latest version of Adobe ColdFusion

References

Security updates available for Adobe ColdFusion | APSB23-47

CVE-2023-29298

cve-2023-38205

Related Vulnerabilities

MySQL CVE-2018-2784 Vulnerability (CVE-2018-2784)

Wordpress Plugin Backup Migration Files or Directories Accessible to External Parties Vulnerability (CVE-2023-6266)

Python Improper Input Validation Vulnerability (CVE-2013-4238)

W3 Total Cache CVE-2019-6715 Vulnerability (CVE-2019-6715)

TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-11069)

Severity

High

Classification

CVE-2023-29298 CVE-2023-38205 CWE-284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Known Vulnerabilities