Adobe ColdFusion Vulnerable to Improper Access Control
CVE-2023-38205
Key Information:
- Vendor
Adobe
- Status
- Vendor
- CVE Published:
- 14 September 2023
Badges
What is CVE-2023-38205?
Adobe ColdFusion is susceptible to an Improper Access Control vulnerability, allowing attackers to bypass security features and gain unauthorized access to sensitive administration endpoints. The vulnerable versions include ColdFusion 2018u18 and earlier, 2021u8 and earlier, and 2023u2 and earlier. Exploiting this vulnerability does not require user interaction, making it critical for organizations to address this issue promptly.
CISA has reported CVE-2023-38205
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-38205 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
ColdFusion 0
News Articles
References
EPSS Score
94% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
- 📰
First article discovered by BleepingComputer
- 👾
Exploit known to exist
- 🦅
CISA Reported
Vulnerability Reserved