First published: Mon Mar 18 2024(Updated: )
Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.
Credit: psirt@adobe.com psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe ColdFusion | =2021 | |
Adobe ColdFusion | =2021-update1 | |
Adobe ColdFusion | =2021-update10 | |
Adobe ColdFusion | =2021-update11 | |
Adobe ColdFusion | =2021-update12 | |
Adobe ColdFusion | =2021-update2 | |
Adobe ColdFusion | =2021-update3 | |
Adobe ColdFusion | =2021-update4 | |
Adobe ColdFusion | =2021-update5 | |
Adobe ColdFusion | =2021-update6 | |
Adobe ColdFusion | =2021-update7 | |
Adobe ColdFusion | =2021-update8 | |
Adobe ColdFusion | =2021-update9 | |
Adobe ColdFusion | =2023 | |
Adobe ColdFusion | =2023-update1 | |
Adobe ColdFusion | =2023-update2 | |
Adobe ColdFusion | =2023-update3 | |
Adobe ColdFusion | =2023-update4 | |
Adobe ColdFusion | =2023-update5 | |
Adobe ColdFusion | =2023-update6 | |
Adobe ColdFusion |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-20767 is classified as a high severity vulnerability due to its potential for unauthorized access and modification of restricted files.
To fix CVE-2024-20767, update Adobe ColdFusion to the latest version that addresses the improper access control vulnerability.
CVE-2024-20767 affects Adobe ColdFusion versions 2023.6, 2021.12, and earlier.
CVE-2024-20767 is an improper access control vulnerability that can allow attackers to breach restricted files through an exposed admin panel.
Yes, CVE-2024-20767 can potentially lead to data breaches by allowing unauthorized access to sensitive files.