WEB APPLICATION VULNERABILITIES Standard & Premium

ColdFusion Access Control bypass (CVE-2023-29298/CVE-2023-38205)

Description

Due to the vulnerability in ColdFusion's access control, an unauthenticated attacker might access the administration CFM and CFC endpoints.

Remediation

Upgrade to the latest version of Adobe ColdFusion

References

Security updates available for Adobe ColdFusion | APSB23-47

Related Vulnerabilities

Dolibarr Missing Authorization Vulnerability (CVE-2023-4198)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7742)

Oracle Application Server CVE-2008-4017 Vulnerability (CVE-2008-4017)

WordPress Credentials Management Errors Vulnerability (CVE-2016-5838)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8644)

Severity

High

Classification

CVE-2023-29298 CVE-2023-38205 CWE-284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Known Vulnerabilities