CVE-2021-20767
published 2021-08-18
CVE-2021-20767: Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via…
Priority: P423 | medium | 5.4 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.61% (44.6th percentile)
Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cybozu | garoon | 4.0.0 – 5.0.2 | — |
| cybozu_inc | cybozu_garoon | — | — |
CVSS provenance
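| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |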
No detection rules found.
Nuclei
CVE-2024-20767 [HIGH] Adobe ColdFusion - Arbitrary File Read
nuclei · CVSS 7.4
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.
Template:

    id: CVE-2024-20767

    info:
      name: Adobe ColdFusion - Arbitrary File Read
      author: iamnoooob,rootxharsh,pdresearch
      severity: high
      description: |
        ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and

Metasploit
CVE-2024-20767 [HIGH] CVE-2024-20767 - Adobe Coldfusion Arbitrary File Read
metasploit · CVSS 7.4
This module exploits an Improper Access Vulnerability in Adobe Coldfusion versions prior to version '2023 Update 6' and '2021 Update 12'. The vulnerability allows unauthenticated attackers to request an authentication token in the form of a UUID from the /CFIDE/adminapi/_servermanager/servermanager.cfc endpoint. Using that UUID, attackers can hit the /pms endpoint in order to exploit the Arbitrary File Read Vulnerability.
No writeups or analysis indexed.