Vulnerabilities > Adobe > Coldfusion > 2023
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-23 | CVE-2024-53961 | Unspecified vulnerability in Adobe Coldfusion 2021/2023 ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. | 8.1 |
| 2024-09-13 | CVE-2024-41874 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2021/2023 ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
| 2024-09-13 | CVE-2024-45113 | Improper Authentication vulnerability in Adobe Coldfusion 2021/2023 ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. | 7.5 |
| 2024-03-18 | CVE-2024-20767 | Unspecified vulnerability in Adobe Coldfusion 2021/2023 ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. | 7.4 |
| 2023-11-17 | CVE-2023-44352 | Unspecified vulnerability in Adobe Coldfusion Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2023-07-12 | CVE-2023-29298 | Unspecified vulnerability in Adobe Coldfusion 2018/2021/2023 Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 7.5 |
| 2023-07-12 | CVE-2023-29300 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021/2023 Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. | 9.8 |