CVE-2022-38423Path Traversal in Adobe Coldfusion

CWE-22Path Traversal3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
1.1%
top 22.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedOct 14
Latest updateOct 15

Description

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/coldfusionunspecifiedCF2021U4+2
NVDadobe/coldfusion2018, 2021+1

🔴Vulnerability Details

2
GHSA
GHSA-vrp9-qfvq-29ph: Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Dire2022-10-15
CVEList
Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability2022-10-14
CVE-2022-38423 — Path Traversal in Adobe Coldfusion | cvebase