CVE-2023-29301Improper Restriction of Excessive Authentication Attempts in Adobe Coldfusion

CWE-307Improper Restriction of Excessive Authentication Attempts3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 38.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedJul 12

Description

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the confidentiality of the user. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/coldfusion2023.0.0.330468
NVDadobe/coldfusion20232023.0.0.330468+2

🔴Vulnerability Details

2
GHSA
GHSA-wq58-62g3-92fc: Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 20232023-07-12
CVEList
Adobe ColdFusion Improper Restriction of Excessive Authentication Attempts Security feature bypass2023-07-12
CVE-2023-29301 — Adobe Coldfusion vulnerability | cvebase