Adobe ColdFusion Vulnerable to Improper Access Control
CVE-2023-38205
Key Information:
- Vendor
- Adobe
- Status
- Vendor
- CVE Published:
- 14 September 2023
Badges
Summary
Adobe ColdFusion is susceptible to an Improper Access Control vulnerability, allowing attackers to bypass security features and gain unauthorized access to sensitive administration endpoints. The vulnerable versions include ColdFusion 2018u18 and earlier, 2021u8 and earlier, and 2023u2 and earlier. Exploiting this vulnerability does not require user interaction, making it critical for organizations to address this issue promptly.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
ColdFusion 0
Get notified when SecurityVulnerability.io launches alerting π
Well keep you posted π§
News Articles
References
EPSS Score
27% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
- π°
First article discovered by BleepingComputer
- πΎ
Exploit known to exist
- π¦
CISA Reported
Vulnerability Reserved