CVE-2021-40698Use of Inherently Dangerous Function in Adobe Coldfusion

CWE-242Use of Inherently Dangerous Function3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.1%
top 68.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedSep 7

Description

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:LExploitability: 3.1 | Impact: 3.7

Affected Packages2 packages

NVDadobe/coldfusion< 2018+2
CVEListV5adobe/coldfusion2018.11

🔴Vulnerability Details

2
CVEList
ColdFusion Use of Inherently Dangerous Function Leads To Security feature bypass2023-09-07
GHSA
GHSA-fpxx-jv2f-8cf9: ColdFusion version 2021 update 1 (and earlier) and versions 20182023-09-07
CVE-2021-40698 — Use of Inherently Dangerous Function | cvebase