CVE-2021-40699Improper Access Control in Adobe Coldfusion

CWE-284Improper Access Control3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.2%
top 54.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedSep 7

Description

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:LExploitability: 3.1 | Impact: 3.7

Affected Packages2 packages

NVDadobe/coldfusion< 2018+2
CVEListV5adobe/coldfusion2018.11

🔴Vulnerability Details

2
GHSA
GHSA-pjjp-267v-j839: ColdFusion version 2021 update 1 (and earlier) and versions 20182023-09-07
CVEList
ColdFusion CFIDE Improper Access Control Leads To Privilege Escalation2023-09-07
CVE-2021-40699 — Improper Access Control in Adobe | cvebase