Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
High

CVE-2023-26360

Disclosure Date: March 23, 2023 (last updated June 29, 2024)
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Attacker Value
High

CVE-2023-26359

Disclosure Date: March 14, 2023 (last updated April 14, 2023)
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
4
Attacker Value
Moderate

CVE-2023-29298

Disclosure Date: July 12, 2023 (last updated October 08, 2023)
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.