ColdFusion | Improper Input Validation (CWE-20)
CVE-2023-44355

4.3MEDIUM

Key Information:

Vendor: Adobe
Status: Coldfusion
Vendor: CVE Published:; 17 November 2023

Summary

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this issue does require user interaction.

Affected Version(s)

ColdFusion 0 <= 2021.11

References

https://helpx.adobe.com/security/products/coldfusion/apsb...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2023
Vulnerability Reserved
Sep 28, 2023

Collectors

NVD DatabaseMitre Database