Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in Arbitrary file system read. Exploitation of this issue does not require user interaction, but does require administrator privileges.
References
Link | Resource |
---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
28 Mar 2023, 13:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:adobe:coldfusion:2018:update5:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update12:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update14:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update15:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update7:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update3:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update1:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update11:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update13:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update4:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update10:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update6:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update8:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update2:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update9:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:* |
|
First Time |
Adobe
Adobe coldfusion |
|
References | (MISC) https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html - Patch, Vendor Advisory |
23 Mar 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-23 20:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-26361
Mitre link : CVE-2023-26361
CVE.ORG link : CVE-2023-26361
JSON object : View
Products Affected
adobe
- coldfusion
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')