← Back

CVE-2024-20767

nvd nistnuclei
Published: Mar 18, 2024Modified: Oct 23, 2025CISA KEV

JSON object

Loading...
7.4
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.2 / Impact: 5.2
Source: NVD (Secondary)

Description

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.

Affected (20)

Products: Adobe: Coldfusion
Adobe
1 product
Coldfusion
Configuration A
20 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Coldfusion
Version 2021
Coldfusion
Version 2021 update10
Coldfusion
Version 2021 update11
Coldfusion
Version 2021 update12
Coldfusion
Version 2021 update1
Coldfusion
Version 2021 update2
Coldfusion
Version 2021 update3
Coldfusion
Version 2021 update4
Coldfusion
Version 2021 update5
Coldfusion
Version 2021 update6
Coldfusion
Version 2021 update7
Coldfusion
Version 2021 update8
Coldfusion
Version 2021 update9
Coldfusion
Version 2023
Coldfusion
Version 2023 update1
Coldfusion
Version 2023 update2
Coldfusion
Version 2023 update3
Coldfusion
Version 2023 update4
Coldfusion
Version 2023 update5
Coldfusion
Version 2023 update6

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

Source: psirt@adobe.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.