← Back

CVE-2023-38206

nvd nist
Published: Sep 14, 2023Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: psirt@adobe.com (Secondary)

Description

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints resulting in a low-confidentiality impact. Exploitation of this issue does not require user interaction.

Affected (30)

Products: Adobe: Coldfusion
Adobe
1 product
Coldfusion
Configuration A
30 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Coldfusion
Version 2018
Coldfusion
Version 2018 update10
Coldfusion
Version 2018 update11
Coldfusion
Version 2018 update12
Coldfusion
Version 2018 update13
Coldfusion
Version 2018 update14
Coldfusion
Version 2018 update15
Coldfusion
Version 2018 update16
Coldfusion
Version 2018 update18
Coldfusion
Version 2018 update1
Coldfusion
Version 2018 update2
Coldfusion
Version 2018 update3
Coldfusion
Version 2018 update4
Coldfusion
Version 2018 update5
Coldfusion
Version 2018 update6
Coldfusion
Version 2018 update7
Coldfusion
Version 2018 update8
Coldfusion
Version 2018 update9
Coldfusion
Version 2021
Coldfusion
Version 2021 update1
Coldfusion
Version 2021 update2
Coldfusion
Version 2021 update3
Coldfusion
Version 2021 update4
Coldfusion
Version 2021 update5
Coldfusion
Version 2021 update6
Coldfusion
Version 2021 update7
Coldfusion
Version 2021 update8
Coldfusion
Version 2023
Coldfusion
Version 2023 update1
Coldfusion
Version 2023 update2

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

Source: psirt@adobe.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.