CVE-2021-40699

Published: Sep 7, 2023Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Exploitability: 3.1 / Impact: 3.7

Source: NVD

Description

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.

Affected (13)

Products: Adobe: Coldfusion

Adobe

1 product

Coldfusion

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Adobe Coldfusion	Before 2018
Adobe Coldfusion	Version 2018
Adobe Coldfusion	Version 2018 update10
Adobe Coldfusion	Version 2018 update1
Adobe Coldfusion	Version 2018 update2
Adobe Coldfusion	Version 2018 update3
Adobe Coldfusion	Version 2018 update4
Adobe Coldfusion	Version 2018 update5
Adobe Coldfusion	Version 2018 update6
Adobe Coldfusion	Version 2018 update7
Adobe Coldfusion	Version 2018 update8
Adobe Coldfusion	Version 2018 update9
Adobe Coldfusion	Version 2021

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html

Source: psirt@adobe.com

Vendor Advisory

https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.