What is CVE-2023-29298?

CVE-2023-29298 is an Improper Access Control vulnerability in Adobe ColdFusion.

What is the severity of CVE-2023-29298?

CVE-2023-29298 has a severity rating of 7, which is considered high.

How can this vulnerability be exploited?

An attacker could exploit this vulnerability to bypass security features and gain unauthorized access to the administration CFM and CFC endpoints.

Where can I find more information about CVE-2023-29298?

You can find more information about CVE-2023-29298 at the following link: [Adobe Security Bulletin APSB23-40](https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html).

Vulnerability/
CVE-2023-29298

Exploited

high

7.5

CWE

NVD-CWE-Other 284

12/7/2023

19/7/2023

CVE-2023-29298: Adobe ColdFusion Improper Access Control Vulnerability

First published: Wed Jul 12 2023(Updated: )

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

Credit: psirt@adobe.com psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe ColdFusion	=2018
Adobe ColdFusion	=2018-update1
Adobe ColdFusion	=2018-update2
Adobe ColdFusion	=2018-update3
Adobe ColdFusion	=2018-update4
Adobe ColdFusion	=2018-update5
Adobe ColdFusion	=2018-update6
Adobe ColdFusion	=2018-update7
Adobe ColdFusion	=2018-update8
Adobe ColdFusion	=2018-update9
Adobe ColdFusion	=2018-update10
Adobe ColdFusion	=2021
Adobe ColdFusion	=2021-update1
Adobe ColdFusion	=2021-update2
Adobe ColdFusion	=2021-update3
Adobe ColdFusion	=2018-update13
Adobe ColdFusion	=2018-update12
Adobe ColdFusion	=2018-update11
Adobe ColdFusion	=2021-update4
Adobe ColdFusion	=2018-update14
Adobe ColdFusion	=2021-update5
Adobe ColdFusion	=2018-update15
Adobe ColdFusion	=2018-update16
Adobe ColdFusion	=2021-update6
Adobe ColdFusion	>=2023<=2023.0.0.330468

Remedy

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-29298?
CVE-2023-29298 is an Improper Access Control vulnerability in Adobe ColdFusion.
Which versions of Adobe ColdFusion are affected by CVE-2023-29298?
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier), and 2023.0.0.330468 (and earlier) are affected.
What is the severity of CVE-2023-29298?
CVE-2023-29298 has a severity rating of 7, which is considered high.
How can this vulnerability be exploited?
An attacker could exploit this vulnerability to bypass security features and gain unauthorized access to the administration CFM and CFC endpoints.
Where can I find more information about CVE-2023-29298?
You can find more information about CVE-2023-29298 at the following link: [Adobe Security Bulletin APSB23-40](https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html).

collector/nvd-latest
collector/nvd-index
agent/author
agent/weakness
agent/first-publish-date
agent/type
agent/last-modified-date
agent/softwarecombine
agent/description
agent/severity
agent/references
agent/remedy
agent/event
agent/title
exploited/true
collector/cisa-known-exploited
source/CISA
agent/software-canonical-lookup
collector/nvd-api
agent/software-canonical-lookup-request
agent/tags
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2023-50164
alias/CVE-2022-33891
alias/CVE-2023-29298
alias/CVE-2023-38203
alias/CVE-2023-26360
alias/CVE-2023-35082
alias/CVE-2024-27198
vendor/adobe
canonical/adobe coldfusion
version/adobe coldfusion/2018
version/adobe coldfusion/2018-update1
version/adobe coldfusion/2018-update2
version/adobe coldfusion/2018-update3
version/adobe coldfusion/2018-update4
version/adobe coldfusion/2018-update5
version/adobe coldfusion/2018-update6
version/adobe coldfusion/2018-update7
version/adobe coldfusion/2018-update8
version/adobe coldfusion/2018-update9
version/adobe coldfusion/2018-update10
version/adobe coldfusion/2021
version/adobe coldfusion/2021-update1
version/adobe coldfusion/2021-update2
version/adobe coldfusion/2021-update3
version/adobe coldfusion/2018-update13
version/adobe coldfusion/2018-update12
version/adobe coldfusion/2018-update11
version/adobe coldfusion/2021-update4
version/adobe coldfusion/2018-update14
version/adobe coldfusion/2021-update5
version/adobe coldfusion/2018-update15
version/adobe coldfusion/2018-update16
version/adobe coldfusion/2021-update6
version/adobe coldfusion/2023
version/adobe coldfusion/2023.0.0.330468

CVE-2023-29298: Adobe ColdFusion Improper Access Control Vulnerability

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-29298?

Which versions of Adobe ColdFusion are affected by CVE-2023-29298?

What is the severity of CVE-2023-29298?

How can this vulnerability be exploited?

Where can I find more information about CVE-2023-29298?

Company

Resources

Contact