Description

Due to the Improper Access Control vulnerability, an unauthenticated attacker can read arbitrary files in the OS.

Remediation

Upgrade to the latest version of Adobe ColdFusion

References

Security updates available for Adobe ColdFusion | APSB24-14

Related Vulnerabilities

Oracle Database Server Other Vulnerability (CVE-2007-3859)

RubyGems Deserialization of Untrusted Data Vulnerability (CVE-2018-1000074)

Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7942)

OpenSSL Improper Certificate Validation Vulnerability (CVE-2019-1552)

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-0448)

Severity

High

Classification

CVE-2024-20767 CWE-284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Authentication Bypass Known Vulnerabilities