Description

Due to the Improper Access Control vulnerability, an unauthenticated attacker can read arbitrary files in the OS.

Remediation

Upgrade to the latest version of Adobe ColdFusion

References

Security updates available for Adobe ColdFusion | APSB24-14

Related Vulnerabilities

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3586)

Oracle JRE CVE-2013-5784 Vulnerability (CVE-2013-5784)

Atlassian Jira Missing Authorization Vulnerability (CVE-2019-20407)

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29002)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9479)

Severity

High

Classification

CVE-2024-20767 CWE-284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Authentication Bypass Known Vulnerabilities