CVE-2024-34112Improper Access Control in Adobe Coldfusion

CWE-284Improper Access Control3 documents3 sources
Severity
7.5HIGHNVD
EPSS
11.2%
top 6.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedJun 13

Description

ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/coldfusion2021u13
NVDadobe/coldfusion2021, 2023+1

🔴Vulnerability Details

2
GHSA
GHSA-w2vq-f5f5-hrv8: ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system re2024-06-13
CVEList
ColdFusion CFDOCUMENT file retrieval / access control bypass2024-06-13
CVE-2024-34112 — Improper Access Control in Adobe | cvebase