CVE-2023-26361Path Traversal in Adobe Coldfusion

CWE-22Path Traversal3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
29.0%
top 3.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedMar 23

Description

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in Arbitrary file system read. Exploitation of this issue does not require user interaction, but does require administrator privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/coldfusionunspecifiedCF2018U15, CF2021U5+1
NVDadobe/coldfusion2018, 2021+1

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-mv82-4cj9-82m9: Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restr2023-03-23
CVEList
Adobe ColdFusion Directory Traversal Arbitrary file system read Vulnerability2023-03-23
CVE-2023-26361 — Path Traversal in Adobe Coldfusion | cvebase