Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-26347: Improper Access Control in Adobe ColdFusion

Severity: 7.5 HIGH (NVD)
EPSS: 83.2% (top 0.73%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Nov 17
Latest update: Jul 19

Description

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: adobe/coldfusion < 2021 +2
CVEListV5: adobe/coldfusion 2021.11

🔴 Vulnerability Details (3)

GHSA
GHSA-j425-965m-rmg6: Adobe ColdFusion versions 2023 (2023-11-17)
CVEList
CVE-2023-38205 issues | ColdFusion Admin Panel Access (2023-11-17)
VulnCheck
Adobe ColdFusion Improper Access Control (2023)

💥 Exploits & PoCs (1)

Nuclei
Adobe Coldfusion - Authentication Bypass

💬 Community (1)

HackerOne
CVE-2023-26347 in https://████.mil/hax/..CFIDE/adminapi/administrator.cfc?method=getBuildNumber&_cfclient=true (2024-07-19)