Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
References
Configurations
Configuration 1 (hide)
|
History
01 May 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.6 |
References |
|
28 Mar 2023, 13:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:adobe:coldfusion:2018:update5:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update12:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update14:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update15:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update7:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update3:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update1:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update11:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update13:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update4:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update10:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update6:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update8:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update2:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update9:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Adobe
Adobe coldfusion |
|
References | (MISC) https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html - Patch, Vendor Advisory |
23 Mar 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-23 20:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-26360
Mitre link : CVE-2023-26360
CVE.ORG link : CVE-2023-26360
JSON object : View
Products Affected
adobe
- coldfusion
CWE
CWE-284
Improper Access Control