CVE-2023-29298 - Unspecified vulnerability in Adobe ColdFusion 2018/2021
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: NONE
- Availability impact: NONE
Summary
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 25 |
Related news
- Adobe warns of critical ColdFusion RCE bug exploited in attacks
- Critical ColdFusion flaws exploited in attacks to drop webshells
- Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites
- Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203)
- Adobe emergency patch fixes new ColdFusion zero-day used in attacks
- Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability
- Adobe fixes patch bypass for exploited ColdFusion CVE-2023-29298 flaw
- CISA warns govt agencies to patch Adobe ColdFusion servers
- Adobe warns of critical Acrobat and Reader zero-day exploited in attacks