Vulnerabilities > CVE-2021-40698 - Use of Inherently Dangerous Function vulnerability in Adobe Coldfusion

CVSS 7.4 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

adobe

CWE-242

NVD

Published: 2023-09-07

Updated: 2023-11-07

Summary

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass??. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Coldfusion 2018 Adobe Coldfusion 2021 Adobe Coldfusion - Adobe Coldfusion 6.0 Adobe Coldfusion 6.1 Adobe Coldfusion 7.0 Adobe Coldfusion 7.0.1 Adobe Coldfusion 7.0.2 Adobe Coldfusion 7.2 Adobe Coldfusion 8.0 Adobe Coldfusion 8.0.1 Adobe Coldfusion 9.0 Adobe Coldfusion 9.0.1 Adobe Coldfusion 9.0.2 Adobe Coldfusion 10.0 Adobe Coldfusion 11.0 Adobe Coldfusion 2016	143

Common Weakness Enumeration (CWE)

CWE-242 - Use of Inherently Dangerous Function

References

https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html