What is the vulnerability ID for this Adobe ColdFusion vulnerability?

The vulnerability ID for this Adobe ColdFusion vulnerability is CVE-2022-38424.

What is the severity of CVE-2022-38424?

The severity of CVE-2022-38424 is high with a CVSS score of 7.2.

Which versions of Adobe ColdFusion are affected by CVE-2022-38424?

The versions affected by CVE-2022-38424 are Adobe ColdFusion 2018 (Update 14 and earlier) and Adobe ColdFusion 2021 (Update 4 and earlier).

What is the impact of CVE-2022-38424?

CVE-2022-38424 allows an attacker to perform arbitrary file system write, potentially leading to unauthorized access or data manipulation.

How can I fix CVE-2022-38424?

To fix CVE-2022-38424, you should update your Adobe ColdFusion installation to the latest available version.

Vulnerability/
CVE-2022-38424

high

7.2

CWE

14/10/2022

17/9/2024

CVE-2022-38424: Adobe ColdFusion Application Server Directory Traversal Arbitrary file system write

First published: Fri Oct 14 2022(Updated: )

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe ColdFusion	=2018
Adobe ColdFusion	=2018-update1
Adobe ColdFusion	=2018-update10
Adobe ColdFusion	=2018-update11
Adobe ColdFusion	=2018-update12
Adobe ColdFusion	=2018-update13
Adobe ColdFusion	=2018-update14
Adobe ColdFusion	=2018-update2
Adobe ColdFusion	=2018-update3
Adobe ColdFusion	=2018-update4
Adobe ColdFusion	=2018-update5
Adobe ColdFusion	=2018-update6
Adobe ColdFusion	=2018-update7
Adobe ColdFusion	=2018-update8
Adobe ColdFusion	=2018-update9
Adobe ColdFusion	=2021
Adobe ColdFusion	=2021-update1
Adobe ColdFusion	=2021-update2
Adobe ColdFusion	=2021-update3
Adobe ColdFusion	=2021-update4

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html

Frequently Asked Questions

What is the vulnerability ID for this Adobe ColdFusion vulnerability?
The vulnerability ID for this Adobe ColdFusion vulnerability is CVE-2022-38424.
What is the severity of CVE-2022-38424?
The severity of CVE-2022-38424 is high with a CVSS score of 7.2.
Which versions of Adobe ColdFusion are affected by CVE-2022-38424?
The versions affected by CVE-2022-38424 are Adobe ColdFusion 2018 (Update 14 and earlier) and Adobe ColdFusion 2021 (Update 4 and earlier).
What is the impact of CVE-2022-38424?
CVE-2022-38424 allows an attacker to perform arbitrary file system write, potentially leading to unauthorized access or data manipulation.
How can I fix CVE-2022-38424?
To fix CVE-2022-38424, you should update your Adobe ColdFusion installation to the latest available version.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/title
agent/references
agent/last-modified-date
agent/author
agent/severity
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/adobe
canonical/adobe coldfusion
version/adobe coldfusion/2018
version/adobe coldfusion/2018-update1
version/adobe coldfusion/2018-update10
version/adobe coldfusion/2018-update11
version/adobe coldfusion/2018-update12
version/adobe coldfusion/2018-update13
version/adobe coldfusion/2018-update14
version/adobe coldfusion/2018-update2
version/adobe coldfusion/2018-update3
version/adobe coldfusion/2018-update4
version/adobe coldfusion/2018-update5
version/adobe coldfusion/2018-update6
version/adobe coldfusion/2018-update7
version/adobe coldfusion/2018-update8
version/adobe coldfusion/2018-update9
version/adobe coldfusion/2021
version/adobe coldfusion/2021-update1
version/adobe coldfusion/2021-update2
version/adobe coldfusion/2021-update3
version/adobe coldfusion/2021-update4