Adobe ColdFusion Vulnerable to Improper Access Control
CVE-2024-34112

7.5HIGH

Key Information:

Vendor: Adobe
Status: Coldfusion
Vendor: CVE Published:; 13 June 2024

Summary

Adobe ColdFusion versions 2023u7, 2021u13, and earlier are vulnerable to an Improper Access Control issue that enables attackers to perform arbitrary file system reads. This vulnerability allows unauthorized users to access sensitive files or confidential data without needing any user interaction. Organizations utilizing affected versions of ColdFusion should review the security implications and apply the necessary updates as outlined by Adobe to mitigate potential risks from this vulnerability.

Affected Version(s)

ColdFusion 0 <= 2021u13

References

https://helpx.adobe.com/security/products/coldfusion/apsb...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2024
Vulnerability Reserved
Apr 30, 2024

Collectors

NVD DatabaseMitre Database