Lucene search

[email protected]NVD:CVE-2021-40698

HistorySep 07, 2023 - 1:15 p.m.

CVE-2021-40698

2023-09-0713:15:07

CWE-242

[email protected]

web.nvd.nist.gov

coldfusion

inherently dangerous function

vulnerability

security feature bypass

authenticated attacker

arbitrary data

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

17.5%

JSON

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass  . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.

Affected configurations

NVD

Node

adobecoldfusionRange<2018

adobecoldfusionMatch2018-

adobecoldfusionMatch2018update1

adobecoldfusionMatch2018update10

adobecoldfusionMatch2018update2

adobecoldfusionMatch2018update3

adobecoldfusionMatch2018update4

adobecoldfusionMatch2018update5

adobecoldfusionMatch2018update6

adobecoldfusionMatch2018update7

adobecoldfusionMatch2018update8

adobecoldfusionMatch2018update9

adobecoldfusionMatch2021-

References

helpx.adobe.com/security/products/coldfusion/apsb21-75.html