Adobe ColdFusion Arbitrary File Read

high Web App Scanning Plugin ID 114259

Synopsis

Adobe ColdFusion Arbitrary File Read

Description

Adobe ColdFusion prior to versions 2021 Update 13 or 2023 Update 7, suffer from an Improper Access Control vulnerability that could lead to arbitrary file system read. By leveraging this vulnerability, a remote unauthenticated attacker can access to sensitive files and perform arbitrary file system write.

Solution

Upgrade to Adobe ColdFusion versions 2021 Update 13, 2023 Update 7 or later.

See Also

https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html

Plugin Details

Severity: High

ID: 114259

Type: remote

Published: 4/22/2024

Updated: 4/22/2024

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: High

Score: 7.2

CVSS v2

Risk Factor: High

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N

CVSS Score Source: CVE-2024-20767

CVSS v3

Risk Factor: High

Base Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CVSS Score Source: CVE-2024-20767

Vulnerability Information

CPE: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/12/2024

Vulnerability Publication Date: 3/12/2024

Reference Information

CVE: CVE-2024-20767