CVE-2024-45113Improper Authentication in Adobe Coldfusion

CWE-287Improper Authentication3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 30.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedSep 13

Description

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access and affect the integrity of the application. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/coldfusion2021.12
NVDadobe/coldfusion2021, 2023+1

🔴Vulnerability Details

2
CVEList
ColdFusion | Improper Authentication (CWE-287)2024-09-13
GHSA
GHSA-f5jx-v2mg-438v: ColdFusion versions 20232024-09-13
CVE-2024-45113 — Improper Authentication in Adobe | cvebase