Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
ColdFusion Access Control bypass (CVE-2023-29298/CVE-2023-38205) - Vulnerability Database

ColdFusion Access Control bypass (CVE-2023-29298/CVE-2023-38205)

Description

Due to the vulnerability in ColdFusion's access control, an unauthenticated attacker might access the administration CFM and CFC endpoints.

Remediation

Upgrade to the latest version of Adobe ColdFusion

References

Security updates available for Adobe ColdFusion | APSB23-47
CVE-2023-29298
cve-2023-38205

Related Vulnerabilities

CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability High
Common tags: Known Vulnerabilities
Python Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2019-9740) Medium
Common tags: Known Vulnerabilities
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-9640) High
Common tags: Known Vulnerabilities
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-9641) Critical
Common tags: Known Vulnerabilities
Python Uncontrolled Resource Consumption Vulnerability (CVE-2019-9674) High
Common tags: Known Vulnerabilities

Severity

High

Classification

CVE-2023-29298
CVE-2023-38205
CWE-284
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Known Vulnerabilities