CVE-2022-38422Path Traversal in Adobe Coldfusion

CWE-22Path Traversal3 documents3 sources
Severity
7.5HIGHNVD
EPSS
3.5%
top 12.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedOct 14
Latest updateOct 15

Description

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/coldfusionunspecifiedCF2021U4+2
NVDadobe/coldfusion2018, 2021+1

🔴Vulnerability Details

2
GHSA
GHSA-v59g-mrf8-gx47: Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Dire2022-10-15
CVEList
Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability2022-10-14
CVE-2022-38422 — Path Traversal in Adobe Coldfusion | cvebase