Main Vulnerability Database Vulnerabilities #VU73597

#VU73597 Improper access control in ColdFusion - CVE-2023-26360

Published: March 14, 2023 / Updated: October 25, 2024

Vulnerability identifier: #VU73597

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2023-26360

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
ColdFusion

Software vendor:
Adobe

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install updates from vendor's website.

External links

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
https://attackerkb.com/topics/1iRdvtUgtW/cve-2023-26359/rapid7-analysis
https://www.rapid7.com/blog/post/2023/03/21/etr-rapid7-observed-exploitation-of-adobe-coldfusion/