AdobeCVELIST:CVE-2021-40698CVE-2021-40698 ColdFusion Use of Inherently Dangerous Function Leads To Security feature bypass
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
0.0005 Low
EPSS
Percentile
17.5%
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.
CNA Affected
[
{
"defaultStatus": "affected",
"product": "ColdFusion",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2018.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
0.0005 Low
EPSS
Percentile
17.5%