Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints resulting in a low-confidentiality impact. Exploitation of this issue does not require user interaction.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Coldfusion | Adobe | 2018 (including) | 2018 (including) |
| Coldfusion | Adobe | 2018-update1 (including) | 2018-update1 (including) |
| Coldfusion | Adobe | 2018-update10 (including) | 2018-update10 (including) |
| Coldfusion | Adobe | 2018-update11 (including) | 2018-update11 (including) |
| Coldfusion | Adobe | 2018-update12 (including) | 2018-update12 (including) |
| Coldfusion | Adobe | 2018-update13 (including) | 2018-update13 (including) |
| Coldfusion | Adobe | 2018-update14 (including) | 2018-update14 (including) |
| Coldfusion | Adobe | 2018-update15 (including) | 2018-update15 (including) |
| Coldfusion | Adobe | 2018-update16 (including) | 2018-update16 (including) |
| Coldfusion | Adobe | 2018-update18 (including) | 2018-update18 (including) |
| Coldfusion | Adobe | 2018-update2 (including) | 2018-update2 (including) |
| Coldfusion | Adobe | 2018-update3 (including) | 2018-update3 (including) |
| Coldfusion | Adobe | 2018-update4 (including) | 2018-update4 (including) |
| Coldfusion | Adobe | 2018-update5 (including) | 2018-update5 (including) |
| Coldfusion | Adobe | 2018-update6 (including) | 2018-update6 (including) |
| Coldfusion | Adobe | 2018-update7 (including) | 2018-update7 (including) |
| Coldfusion | Adobe | 2018-update8 (including) | 2018-update8 (including) |
| Coldfusion | Adobe | 2018-update9 (including) | 2018-update9 (including) |
| Coldfusion | Adobe | 2021 (including) | 2021 (including) |
| Coldfusion | Adobe | 2021-update1 (including) | 2021-update1 (including) |
| Coldfusion | Adobe | 2021-update2 (including) | 2021-update2 (including) |
| Coldfusion | Adobe | 2021-update3 (including) | 2021-update3 (including) |
| Coldfusion | Adobe | 2021-update4 (including) | 2021-update4 (including) |
| Coldfusion | Adobe | 2021-update5 (including) | 2021-update5 (including) |
| Coldfusion | Adobe | 2021-update6 (including) | 2021-update6 (including) |
| Coldfusion | Adobe | 2021-update7 (including) | 2021-update7 (including) |
| Coldfusion | Adobe | 2021-update8 (including) | 2021-update8 (including) |
| Coldfusion | Adobe | 2023 (including) | 2023 (including) |
| Coldfusion | Adobe | 2023-update1 (including) | 2023-update1 (including) |
| Coldfusion | Adobe | 2023-update2 (including) | 2023-update2 (including) |