CVE-2021-40699

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.

Published: Sep 7, 2023
Updated: Sep 8, 2023
CVE: CVE-2021-40699
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.4
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
adobe / coldfusion	2018	2018.x
adobe / coldfusion	2018-update1	2018-update1.x
adobe / coldfusion	2018-update2	2018-update2.x
adobe / coldfusion	2018-update3	2018-update3.x
adobe / coldfusion	2018-update4	2018-update4.x
adobe / coldfusion	2018-update5	2018-update5.x
adobe / coldfusion	2018-update6	2018-update6.x
adobe / coldfusion	2018-update7	2018-update7.x
adobe / coldfusion	2018-update8	2018-update8.x
adobe / coldfusion	2018-update9	2018-update9.x
adobe / coldfusion	2018-update10	2018-update10.x
adobe / coldfusion	2021	2021.x
adobe / coldfusion	-	2018

https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html

Vulnerability Database

289,697

CVE-2021-40699