CVE-2023-38206

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Sep 14, 2023

Updated: Sep 19, 2023

CWE ID 284

Summary

CVE-2023-38206 is a newly discovered vulnerability affecting Adobe ColdFusion versions 2018u18 and earlier, 2021u8 and earlier, and 2023u2 and earlier. This issue involves an Improper Access Control problem that enables a bypass of security features. An attacker can capitalize on this vulnerability and gain unauthorized access to the administration CFM and CFC endpoints, leading to a low-confidentiality impact. Importantly, exploitation of this weakness does not necessitate user interaction.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Adobe ColdFusion

Affected Vendors

Adobe

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r-yuPc
https://www.cve.org/CVERecord?id=CVE-2023-38206
https://nvd.nist.gov/vuln/detail/CVE-2023-38206

Back to Vulnerability Database