NVD:CVE-2021-40699
Sep 07, 2023 - 1:15 p.m.

CVE-2021-40699

2023-09-07 13:15:07
CWE-284
web.nvd.nist.gov
Tags: cve-2021-40699, coldfusion, access control, vulnerability, authentication

CVSS3: 7.4 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

EPSS: 0.0005 Low
Percentile: 17.3%

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.

Affected configurations

NVD, Node (entries joined by OR):

adobe coldfusion, Range: <2018
adobe coldfusion, Match: 2018 -
adobe coldfusion, Match: 2018 update1
adobe coldfusion, Match: 2018 update10
adobe coldfusion, Match: 2018 update2
adobe coldfusion, Match: 2018 update3
adobe coldfusion, Match: 2018 update4
adobe coldfusion, Match: 2018 update5
adobe coldfusion, Match: 2018 update6
adobe coldfusion, Match: 2018 update7
adobe coldfusion, Match: 2018 update8
adobe coldfusion, Match: 2018 update9
adobe coldfusion, Match: 2021 -
