CVE-2024-20767

Опубликовано: 18 мар. 2024

Источник: nvd

CVSS3: 7.4

EPSS Критический

Описание

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.

Ссылки

https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html
Vendor Advisory
https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-20767
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2021:update12:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.9415

Критический

7.4 High

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo

Связанные уязвимости

GHSA-r73p-8gx8-7pvg

CVSS3: 8.2

github

почти 2 года назад

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.

BDU:2024-02133