CVE-2021-40698

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass??. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.

Published: Sep 7, 2023
Updated: Sep 8, 2023
CVE: CVE-2021-40698
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.4
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CWEs:

CWE-242

Affected Software
References

Software	From	Fixed in
adobe / coldfusion	2018	2018.x
adobe / coldfusion	2018-update1	2018-update1.x
adobe / coldfusion	2018-update2	2018-update2.x
adobe / coldfusion	2018-update3	2018-update3.x
adobe / coldfusion	2018-update4	2018-update4.x
adobe / coldfusion	2018-update5	2018-update5.x
adobe / coldfusion	2018-update6	2018-update6.x
adobe / coldfusion	2018-update7	2018-update7.x
adobe / coldfusion	2018-update8	2018-update8.x
adobe / coldfusion	2018-update9	2018-update9.x
adobe / coldfusion	2018-update10	2018-update10.x
adobe / coldfusion	2021	2021.x
adobe / coldfusion	-	2018

https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html

Vulnerability Database

289,697

CVE-2021-40698