CVE-2022-38424

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges.

Published: Oct 14, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-38424
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
adobe / coldfusion	2018	2018.x
adobe / coldfusion	2018-update1	2018-update1.x
adobe / coldfusion	2018-update2	2018-update2.x
adobe / coldfusion	2018-update3	2018-update3.x
adobe / coldfusion	2018-update4	2018-update4.x
adobe / coldfusion	2018-update5	2018-update5.x
adobe / coldfusion	2018-update6	2018-update6.x
adobe / coldfusion	2018-update7	2018-update7.x
adobe / coldfusion	2018-update8	2018-update8.x
adobe / coldfusion	2018-update9	2018-update9.x
adobe / coldfusion	2018-update10	2018-update10.x
adobe / coldfusion	2021	2021.x
adobe / coldfusion	2021-update1	2021-update1.x
adobe / coldfusion	2021-update2	2021-update2.x
adobe / coldfusion	2021-update3	2021-update3.x
adobe / coldfusion	2018-update13	2018-update13.x
adobe / coldfusion	2018-update12	2018-update12.x
adobe / coldfusion	2018-update11	2018-update11.x
adobe / coldfusion	2021-update4	2021-update4.x
adobe / coldfusion	2018-update14	2018-update14.x

https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html

Vulnerability Database

289,697

CVE-2022-38424