Lucene search

K

AdobeCVELIST:CVE-2023-26361

HistoryMar 23, 2023 - 12:00 a.m.

CVE-2023-26361 Adobe ColdFusion Directory Traversal Arbitrary file system read Vulnerability

2023-03-2300:00:00

CWE-22

adobe

www.cve.org

2

adobe coldfusion

path traversal

vulnerability

file system read

directory

exploitation

administrator privileges

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in Arbitrary file system read. Exploitation of this issue does not require user interaction, but does require administrator privileges.

CNA Affected

[
  {
    "vendor": "Adobe",
    "product": "ColdFusion",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "CF2018U15, CF2021U5",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "None",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

helpx.adobe.com/security/products/coldfusion/apsb23-25.html

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

Related for CVELIST:CVE-2023-26361

cve1 nvd1 prion1 cnvd1 zdi1 adobe1 nessus1