ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.
The product calls a function that can never be guaranteed to work safely.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Coldfusion | Adobe | * | 2018 (excluding) |
| Coldfusion | Adobe | 2018 (including) | 2018 (including) |
| Coldfusion | Adobe | 2018-update1 (including) | 2018-update1 (including) |
| Coldfusion | Adobe | 2018-update10 (including) | 2018-update10 (including) |
| Coldfusion | Adobe | 2018-update2 (including) | 2018-update2 (including) |
| Coldfusion | Adobe | 2018-update3 (including) | 2018-update3 (including) |
| Coldfusion | Adobe | 2018-update4 (including) | 2018-update4 (including) |
| Coldfusion | Adobe | 2018-update5 (including) | 2018-update5 (including) |
| Coldfusion | Adobe | 2018-update6 (including) | 2018-update6 (including) |
| Coldfusion | Adobe | 2018-update7 (including) | 2018-update7 (including) |
| Coldfusion | Adobe | 2018-update8 (including) | 2018-update8 (including) |
| Coldfusion | Adobe | 2018-update9 (including) | 2018-update9 (including) |
| Coldfusion | Adobe | 2021 (including) | 2021 (including) |