CVE-2022-38424Path Traversal in Adobe Coldfusion

CWE-22Path Traversal3 documents3 sources
Severity
7.2HIGHNVD
EPSS
3.8%
top 11.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedOct 14
Latest updateOct 15

Description

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5adobe/coldfusionunspecifiedCF2021U4+2
NVDadobe/coldfusion2018, 2021+1

🔴Vulnerability Details

2
GHSA
GHSA-252p-3jv2-8v3c: Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Dire2022-10-15
CVEList
Adobe ColdFusion Application Server Directory Traversal Arbitrary file system write2022-10-14
CVE-2022-38424 — Path Traversal in Adobe Coldfusion | cvebase