Adobe ColdFusion Vulnerable to Improper Access Control
Key Information
- Vendor
- Adobe
- Status
- Coldfusion
- Vendor
- CVE Published:
- 18 March 2024
Badges
Summary
Adobe ColdFusion versions 2023.6, 2021.12, and earlier are affected by an Improper Access Control vulnerability, known as CVE-2024-20767, which can lead to arbitrary file system read. Attackers could exploit this vulnerability to bypass security measures and gain unauthorized access to sensitive files. The vulnerability has already been exploited in the wild, and Adobe has released patches for affected versions, strongly recommending users to update their installations to minimize the risk. If left unaddressed, the vulnerability could potentially expose confidential information, system configurations, and stored credentials, highlighting the need for proactive security measures and timely software updates.
Affected Version(s)
ColdFusion <= 2021.12
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
AttackerKB CVE-2024-20767CVE-2024-20767 | AttackerKB
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An atta…
8 months ago
Sploitus CVE-2024-20767💀 Exploit for CVE-2024-20767
Exploit for CVE-2024-20767 | Sploitus | Exploit & Hacktool Search Engine
8 months ago
EPSS Score
13% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾
Exploit exists.
Vulnerability started trending.
First article discovered by securityonline.info
Vulnerability published.
Vulnerability Reserved.