Description

Due to the vulnerability in ColdFusion's access control, an unauthenticated attacker might access the administration CFM and CFC endpoints.

Remediation

Upgrade to the latest version of Adobe ColdFusion

References

Security updates available for Adobe ColdFusion | APSB23-47

CVE-2023-29298

cve-2023-38205

Related Vulnerabilities

Lighttpd Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2022-41556)

TYPO3 Improper Input Validation Vulnerability (CVE-2014-9509)

Liferay Portal Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-33323)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28106)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2006-0369)

Severity

High

Classification

CVE-2023-29298 CVE-2023-38205 CWE-284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Known Vulnerabilities