CVE-2023-29301

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the confidentiality of the user. Exploitation of this issue does not require user interaction.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:coldfusion::::::::
	cpe:2.3:a:adobe:coldfusion:2018:-::::::
	cpe:2.3:a:adobe:coldfusion:2018:update1::::::
	cpe:2.3:a:adobe:coldfusion:2018:update10::::::
	cpe:2.3:a:adobe:coldfusion:2018:update11::::::
	cpe:2.3:a:adobe:coldfusion:2018:update12::::::
	cpe:2.3:a:adobe:coldfusion:2018:update13::::::
	cpe:2.3:a:adobe:coldfusion:2018:update14::::::
	cpe:2.3:a:adobe:coldfusion:2018:update15::::::
	cpe:2.3:a:adobe:coldfusion:2018:update16::::::
	cpe:2.3:a:adobe:coldfusion:2018:update2::::::
	cpe:2.3:a:adobe:coldfusion:2018:update3::::::
	cpe:2.3:a:adobe:coldfusion:2018:update4::::::
	cpe:2.3:a:adobe:coldfusion:2018:update5::::::
	cpe:2.3:a:adobe:coldfusion:2018:update6::::::
	cpe:2.3:a:adobe:coldfusion:2018:update7::::::
	cpe:2.3:a:adobe:coldfusion:2018:update8::::::
	cpe:2.3:a:adobe:coldfusion:2018:update9::::::
	cpe:2.3:a:adobe:coldfusion:2021:-::::::
	cpe:2.3:a:adobe:coldfusion:2021:update1::::::
	cpe:2.3:a:adobe:coldfusion:2021:update2::::::
	cpe:2.3:a:adobe:coldfusion:2021:update3::::::
	cpe:2.3:a:adobe:coldfusion:2021:update4::::::
	cpe:2.3:a:adobe:coldfusion:2021:update5::::::
	cpe:2.3:a:adobe:coldfusion:2021:update6::::::

History

20 Jul 2023, 14:22

Type	Values Removed	Values Added
First Time		Adobe Adobe coldfusion
References	~~(MISC) https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html -~~	(MISC) https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html - Vendor Advisory
CPE		cpe:2.3:a:adobe:coldfusion:2018:update13:::::: cpe:2.3:a:adobe:coldfusion:2018:-:::::: cpe:2.3:a:adobe:coldfusion:2018:update12:::::: cpe:2.3:a:adobe:coldfusion:2018:update6:::::: cpe:2.3:a:adobe:coldfusion:2018:update10:::::: cpe:2.3:a:adobe:coldfusion:2018:update1:::::: cpe:2.3:a:adobe:coldfusion:2018:update14:::::: cpe:2.3:a:adobe:coldfusion:2018:update16:::::: cpe:2.3:a:adobe:coldfusion:2021:update1:::::: cpe:2.3:a:adobe:coldfusion:2018:update3:::::: cpe:2.3:a:adobe:coldfusion:::::::: cpe:2.3:a:adobe:coldfusion:2018:update8:::::: cpe:2.3:a:adobe:coldfusion:2018:update7:::::: cpe:2.3:a:adobe:coldfusion:2018:update5:::::: cpe:2.3:a:adobe:coldfusion:2021:update2:::::: cpe:2.3:a:adobe:coldfusion:2021:update4:::::: cpe:2.3:a:adobe:coldfusion:2021:update6:::::: cpe:2.3:a:adobe:coldfusion:2021:-:::::: cpe:2.3:a:adobe:coldfusion:2018:update15:::::: cpe:2.3:a:adobe:coldfusion:2018:update2:::::: cpe:2.3:a:adobe:coldfusion:2018:update9:::::: cpe:2.3:a:adobe:coldfusion:2018:update11:::::: cpe:2.3:a:adobe:coldfusion:2018:update4:::::: cpe:2.3:a:adobe:coldfusion:2021:update5:::::: cpe:2.3:a:adobe:coldfusion:2021:update3::::::

12 Jul 2023, 17:58

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-07-12 16:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-29301

Mitre link : CVE-2023-29301

CVE.ORG link : CVE-2023-29301

JSON object : View

Products Affected

adobe

coldfusion

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

7.5 /10