CVE-2023-38205

Published: Sep 14, 2023Modified: Oct 23, 2025CISA KEV

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: psirt@adobe.com (Secondary)

Description

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

Affected (30)

Products: Adobe: Coldfusion

Adobe

1 product

Coldfusion

Configuration A

30 vulnerable

Vulnerable Software	Affected Versions
Adobe Coldfusion	Version 2018
Adobe Coldfusion	Version 2018 update10
Adobe Coldfusion	Version 2018 update11
Adobe Coldfusion	Version 2018 update12
Adobe Coldfusion	Version 2018 update13
Adobe Coldfusion	Version 2018 update14
Adobe Coldfusion	Version 2018 update15
Adobe Coldfusion	Version 2018 update16
Adobe Coldfusion	Version 2018 update18
Adobe Coldfusion	Version 2018 update1
Adobe Coldfusion	Version 2018 update2
Adobe Coldfusion	Version 2018 update3
Adobe Coldfusion	Version 2018 update4
Adobe Coldfusion	Version 2018 update5
Adobe Coldfusion	Version 2018 update6
Adobe Coldfusion	Version 2018 update7
Adobe Coldfusion	Version 2018 update8
Adobe Coldfusion	Version 2018 update9
Adobe Coldfusion	Version 2021
Adobe Coldfusion	Version 2021 update1
Adobe Coldfusion	Version 2021 update2
Adobe Coldfusion	Version 2021 update3
Adobe Coldfusion	Version 2021 update4
Adobe Coldfusion	Version 2021 update5
Adobe Coldfusion	Version 2021 update6
Adobe Coldfusion	Version 2021 update7
Adobe Coldfusion	Version 2021 update8
Adobe Coldfusion	Version 2023
Adobe Coldfusion	Version 2023 update1
Adobe Coldfusion	Version 2023 update2

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html

Source: psirt@adobe.com

Vendor Advisory

https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38205

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.