Severity
High
Analysis Summary
CVE-2023-38206 CVSS:5.3
Adobe ColdFusion could allow a remote attacker to bypass security restrictions, caused by an improper access control vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to bypass the security feature.
CVE-2023-38205 CVSS:7.5
Adobe ColdFusion could allow a remote attacker to bypass security restrictions, caused by an improper access control vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to bypass the security feature.
CVE-2023-38204 CVSS:9.8
Adobe ColdFusion could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-29298 CVSS:7.5
Adobe ColdFusion could allow a remote attacker to bypass security restrictions, caused by an improper access control vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to bypass the security feature.
Impact
- Security Bypass
- Code Execution
Indicators Of Compromise
CVE
- CVE-2023-38206
- CVE-2023-38205
- CVE-2023-38204
- CVE-2023-29298
Affected Vendors
Adobe
Affected Products
- Adobe ColdFusion 2018 Update 16
- Adobe ColdFusion 2021 Update 6
- Adobe ColdFusion 2023 GA Release (2023.0.0.330468)
- Adobe ColdFusion 2023 Update 2
- Adobe ColdFusion 2021 Update 8
- Adobe ColdFusion 2018 Update 18
Remediation
Refer to Adobe Security Bulletin for patch, upgrade or suggested workaround information.