cvelistv5 - CVE-2023-38205

CVE-2023-38205 (GCVE-0-2023-38205)

Vulnerability from cvelistv5 – Published: 2023-09-14 07:40 – Updated: 2025-10-21 23:05

CISA

Summary

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-284 - Improper Access Control (CWE-284)

Assigner

adobe

References

URL

Tags

https://helpx.adobe.com/security/products/coldfus…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	ColdFusion	Affected: 0 , ≤ cf2023U2 (semver)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2023-07-20

Due date: 2023-08-10

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html ; https://nvd.nist.gov/vuln/detail/CVE-2023-38205

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:30:14.115Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38205",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-16T19:00:51.927416Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-07-20",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38205"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:37.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38205"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-07-20T00:00:00+00:00",
            "value": "CVE-2023-38205 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "ColdFusion",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "cf2023U2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-07-19T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-14T07:40:12.725Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "ColdFusion Bypass - Vulnerability disclosure in ColdFusion | BYPASS CVE-2023-29298"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-38205",
    "datePublished": "2023-09-14T07:40:12.725Z",
    "dateReserved": "2023-07-13T16:21:52.612Z",
    "dateUpdated": "2025-10-21T23:05:37.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-38205",
      "cwes": "[\"CWE-284\"]",
      "dateAdded": "2023-07-20",
      "dueDate": "2023-08-10",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html ;  https://nvd.nist.gov/vuln/detail/CVE-2023-38205",
      "product": "ColdFusion",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.",
      "vendorProject": "Adobe",
      "vulnerabilityName": "Adobe ColdFusion Improper Access Control Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2023-08-10",
      "cisaExploitAdd": "2023-07-20",
      "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "cisaVulnerabilityName": "Adobe ColdFusion Improper Access Control Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B54B2B0-B1E1-4B4E-A529-D0BD3B5DEEF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update1:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDB126BF-E09D-4E58-A39F-1190407D1CAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update10:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DDD85DF-69A0-476F-8365-CD67C75CF0CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update11:*:*:*:*:*:*\", \"matchCriteriaId\": \"23F63675-7817-4AF0-A7DB-5E35EDABF04E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update12:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E3BF53E-2C0D-4F79-8B62-4C2A50CB5F52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update13:*:*:*:*:*:*\", \"matchCriteriaId\": \"C26BF72C-E991-4170-B68B-09B20B6C0679\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update14:*:*:*:*:*:*\", \"matchCriteriaId\": \"25B4B4F2-318F-4046-ADE5-E9DD64F83FD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update15:*:*:*:*:*:*\", \"matchCriteriaId\": \"831E8D69-62E9-4778-8CC5-D6D45CF5AB6F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update16:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F549BB3-25AB-4C83-B608-3717EADAAB35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update18:*:*:*:*:*:*\", \"matchCriteriaId\": \"4AAE2FA8-BEC9-49BA-8E3F-A0564A8ECDC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update2:*:*:*:*:*:*\", \"matchCriteriaId\": \"59649177-81EE-43C3-BFA5-E56E65B486DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update3:*:*:*:*:*:*\", \"matchCriteriaId\": \"453B96ED-738A-4642-B461-C5216CF45CA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update4:*:*:*:*:*:*\", \"matchCriteriaId\": \"58D32489-627B-4E49-9329-8A3B8F8E4903\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update5:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D5860E1-D293-48FE-9796-058B78B2D571\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update6:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F9336CC-E38F-4BCB-83CD-805EC7FEF806\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update7:*:*:*:*:*:*\", \"matchCriteriaId\": \"97964507-047A-4CC8-8D2B-0EA0C7F9BD50\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update8:*:*:*:*:*:*\", \"matchCriteriaId\": \"82208628-F32A-4380-9B0F-DC8507E7701D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2018:update9:*:*:*:*:*:*\", \"matchCriteriaId\": \"1563CE5E-A4F7-40A4-A050-BB96E332D8DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A94B406-C011-4673-8C2B-0DD94D46CC4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFD05E3A-10F9-4C75-9710-BA46B66FF6E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D57C8681-AC68-47DF-A61E-B5C4B4A47663\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*\", \"matchCriteriaId\": \"75608383-B727-48D6-8FFA-D552A338A562\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*\", \"matchCriteriaId\": \"7773DB68-414A-4BA9-960F-52471A784379\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*\", \"matchCriteriaId\": \"B38B9E86-BCD5-4BCA-8FB7-EC55905184E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E7BAB80-8455-4570-A2A2-8F40469EE9CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9D645A2-E02D-4E82-A2BD-0A7DE5B8FBCC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E22D701-B038-4795-AA32-A18BC93C2B6F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"B02A37FE-5D31-4892-A3E6-156A8FE62D28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AA3D302-CFEE-4DFD-AB92-F53C87721BFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB88D4FE-5496-4639-BAF2-9F29F24ABF29\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.\"}, {\"lang\": \"es\", \"value\": \"Las versiones 2018u18 (y anteriores), 2021u8 (y anteriores) y 2023u2 (y anteriores) de Adobe ColdFusion se ven afectadas por una vulnerabilidad de Control de Acceso Inadecuado que podr\\u00eda provocar la omisi\\u00f3n de una funci\\u00f3n Seguridad. Un atacante podr\\u00eda aprovechar esta vulnerabilidad para acceder a los endpoints de administraci\\u00f3n CFM y CFC. La explotaci\\u00f3n de este problema no requiere la interacci\\u00f3n del usuario.\"}]",
      "id": "CVE-2023-38205",
      "lastModified": "2024-11-21T08:13:04.920",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@adobe.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-09-14T08:15:07.767",
      "references": "[{\"url\": \"https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@adobe.com",
      "vulnStatus": "Undergoing Analysis",
      "weaknesses": "[{\"source\": \"psirt@adobe.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-38205\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2023-09-14T08:15:07.767\",\"lastModified\":\"2025-10-23T11:13:19.100\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.\"},{\"lang\":\"es\",\"value\":\"Las versiones 2018u18 (y anteriores), 2021u8 (y anteriores) y 2023u2 (y anteriores) de Adobe ColdFusion se ven afectadas por una vulnerabilidad de Control de Acceso Inadecuado que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n Seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para acceder a los endpoints de administraci\u00f3n CFM y CFC. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"cisaExploitAdd\":\"2023-07-20\",\"cisaActionDue\":\"2023-08-10\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Adobe ColdFusion Improper Access Control Vulnerability\",\"weaknesses\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B54B2B0-B1E1-4B4E-A529-D0BD3B5DEEF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDB126BF-E09D-4E58-A39F-1190407D1CAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update10:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DDD85DF-69A0-476F-8365-CD67C75CF0CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update11:*:*:*:*:*:*\",\"matchCriteriaId\":\"23F63675-7817-4AF0-A7DB-5E35EDABF04E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update12:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E3BF53E-2C0D-4F79-8B62-4C2A50CB5F52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update13:*:*:*:*:*:*\",\"matchCriteriaId\":\"C26BF72C-E991-4170-B68B-09B20B6C0679\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update14:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B4B4F2-318F-4046-ADE5-E9DD64F83FD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update15:*:*:*:*:*:*\",\"matchCriteriaId\":\"831E8D69-62E9-4778-8CC5-D6D45CF5AB6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update16:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F549BB3-25AB-4C83-B608-3717EADAAB35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update18:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AAE2FA8-BEC9-49BA-8E3F-A0564A8ECDC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"59649177-81EE-43C3-BFA5-E56E65B486DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"453B96ED-738A-4642-B461-C5216CF45CA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"58D32489-627B-4E49-9329-8A3B8F8E4903\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D5860E1-D293-48FE-9796-058B78B2D571\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9336CC-E38F-4BCB-83CD-805EC7FEF806\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"97964507-047A-4CC8-8D2B-0EA0C7F9BD50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update8:*:*:*:*:*:*\",\"matchCriteriaId\":\"82208628-F32A-4380-9B0F-DC8507E7701D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2018:update9:*:*:*:*:*:*\",\"matchCriteriaId\":\"1563CE5E-A4F7-40A4-A050-BB96E332D8DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A94B406-C011-4673-8C2B-0DD94D46CC4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFD05E3A-10F9-4C75-9710-BA46B66FF6E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D57C8681-AC68-47DF-A61E-B5C4B4A47663\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"75608383-B727-48D6-8FFA-D552A338A562\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"7773DB68-414A-4BA9-960F-52471A784379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B38B9E86-BCD5-4BCA-8FB7-EC55905184E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E7BAB80-8455-4570-A2A2-8F40469EE9CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9D645A2-E02D-4E82-A2BD-0A7DE5B8FBCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E22D701-B038-4795-AA32-A18BC93C2B6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B02A37FE-5D31-4892-A3E6-156A8FE62D28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AA3D302-CFEE-4DFD-AB92-F53C87721BFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB88D4FE-5496-4639-BAF2-9F29F24ABF29\"}]}]}],\"references\":[{\"url\":\"https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38205\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T17:30:14.115Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-38205\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-16T19:00:51.927416Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-07-20\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38205\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-07-20T00:00:00+00:00\", \"value\": \"CVE-2023-38205 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38205\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-16T19:01:09.621Z\"}}], \"cna\": {\"title\": \"ColdFusion Bypass - Vulnerability disclosure in ColdFusion | BYPASS CVE-2023-29298\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"modifiedScope\": \"NOT_DEFINED\", \"temporalScore\": 7.5, \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"remediationLevel\": \"NOT_DEFINED\", \"reportConfidence\": \"NOT_DEFINED\", \"temporalSeverity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"environmentalScore\": 7.5, \"privilegesRequired\": \"NONE\", \"exploitCodeMaturity\": \"NOT_DEFINED\", \"integrityRequirement\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NETWORK\", \"confidentialityImpact\": \"HIGH\", \"environmentalSeverity\": \"HIGH\", \"availabilityRequirement\": \"NOT_DEFINED\", \"modifiedIntegrityImpact\": \"NONE\", \"modifiedUserInteraction\": \"NONE\", \"modifiedAttackComplexity\": \"LOW\", \"confidentialityRequirement\": \"NOT_DEFINED\", \"modifiedAvailabilityImpact\": \"NONE\", \"modifiedPrivilegesRequired\": \"NONE\", \"modifiedConfidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Adobe\", \"product\": \"ColdFusion\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"cf2023U2\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2023-07-19T17:00:00.000Z\", \"references\": [{\"url\": \"https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"Improper Access Control (CWE-284)\"}]}], \"providerMetadata\": {\"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\", \"dateUpdated\": \"2023-09-14T07:40:12.725Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-38205\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:05:37.864Z\", \"dateReserved\": \"2023-07-13T16:21:52.612Z\", \"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"datePublished\": \"2023-09-14T07:40:12.725Z\", \"assignerShortName\": \"adobe\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2023-38205

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-38205

Aliases

CVE-2023-38205

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-38205",
    "id": "GSD-2023-38205"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-38205"
      ],
      "details": "Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.",
      "id": "GSD-2023-38205",
      "modified": "2023-12-13T01:20:35.666351Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2023-38205",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ColdFusion",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThanOrEqual": "cf2023U2",
                                "status": "affected",
                                "version": "0",
                                "versionType": "semver"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Adobe"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-284",
                "lang": "eng",
                "value": "Improper Access Control (CWE-284)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html",
            "refsource": "MISC",
            "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update14:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update16:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2018:update18:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2023-38205"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-09-19T17:27Z",
      "publishedDate": "2023-09-14T08:15Z"
    }
  }
}

CERTFR-2023-AVI-0569

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Adobe ColdFusion. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

Adobe indique que la vulnérabilité CVE-2023-38205 est activement exploitée dans le cadre d'attaques ciblées.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	ColdFusion	ColdFusion 2018 versions antérieures à 19
Adobe	ColdFusion	ColdFusion 2021 versions antérieures à 9
Adobe	ColdFusion	ColdFusion 2023 versions antérieures à 3

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsb23-47 du 19 juillet 2023	None	vendor-advisory
Bulletin de sécurité Adobe apsb23-47 du 19 juillet 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ColdFusion 2018 versions ant\u00e9rieures \u00e0 19",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "ColdFusion 2021 versions ant\u00e9rieures \u00e0 9",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "ColdFusion 2023 versions ant\u00e9rieures \u00e0 3",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-38204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38204"
    },
    {
      "name": "CVE-2023-38206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38206"
    },
    {
      "name": "CVE-2023-38205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38205"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe\u00a0apsb23-47 du 19 juillet 2023",
      "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html"
    }
  ],
  "reference": "CERTFR-2023-AVI-0569",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Adobe ColdFusion.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n\nAdobe indique que la vuln\u00e9rabilit\u00e9 CVE-2023-38205 est activement\nexploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe ColdFusion",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb23-47 du 19 juillet 2023",
      "url": null
    }
  ]
}

CERTFR-2023-AVI-0569

Vulnerability from certfr_avis - Published: - Updated:

Adobe indique que la vulnérabilité CVE-2023-38205 est activement exploitée dans le cadre d'attaques ciblées.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	ColdFusion	ColdFusion 2018 versions antérieures à 19
Adobe	ColdFusion	ColdFusion 2021 versions antérieures à 9
Adobe	ColdFusion	ColdFusion 2023 versions antérieures à 3

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsb23-47 du 19 juillet 2023	None	vendor-advisory
Bulletin de sécurité Adobe apsb23-47 du 19 juillet 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ColdFusion 2018 versions ant\u00e9rieures \u00e0 19",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "ColdFusion 2021 versions ant\u00e9rieures \u00e0 9",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "ColdFusion 2023 versions ant\u00e9rieures \u00e0 3",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-38204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38204"
    },
    {
      "name": "CVE-2023-38206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38206"
    },
    {
      "name": "CVE-2023-38205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38205"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe\u00a0apsb23-47 du 19 juillet 2023",
      "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html"
    }
  ],
  "reference": "CERTFR-2023-AVI-0569",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Adobe ColdFusion.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n\nAdobe indique que la vuln\u00e9rabilit\u00e9 CVE-2023-38205 est activement\nexploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe ColdFusion",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb23-47 du 19 juillet 2023",
      "url": null
    }
  ]
}

WID-SEC-W-2023-1838

Vulnerability from csaf_certbund - Published: 2023-07-19 22:00 - Updated: 2023-07-19 22:00

Summary

Adobe ColdFusion: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

ColdFusion ist ein Applikationsserver sowie Framework zur Erstellung von Web basierten Applikationen.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Adobe ColdFusion ausnutzen, um beliebigen Programmcode auszuführen oder Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- UNIX - Linux - MacOS X - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "ColdFusion ist ein Applikationsserver sowie Framework zur Erstellung von Web basierten Applikationen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Adobe ColdFusion ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1838 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1838.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1838 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1838"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin APSB23-47 vom 2023-07-19",
        "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Adobe ColdFusion: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-07-19T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:55:59.465+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1838",
      "initial_release_date": "2023-07-19T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-07-19T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Adobe ColdFusion \u003c 2023 Update 3",
                "product": {
                  "name": "Adobe ColdFusion \u003c 2023 Update 3",
                  "product_id": "T028813",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:coldfusion:2023_update_3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Adobe ColdFusion \u003c 2021 Update 9",
                "product": {
                  "name": "Adobe ColdFusion \u003c 2021 Update 9",
                  "product_id": "T028814",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:coldfusion:2021_update_9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Adobe ColdFusion \u003c 2018 Update 19",
                "product": {
                  "name": "Adobe ColdFusion \u003c 2018 Update 19",
                  "product_id": "T028815",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:coldfusion:2018_update_19"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ColdFusion"
          }
        ],
        "category": "vendor",
        "name": "Adobe"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-38206",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Adobe ColdFusion. Diese ist auf einen Fehler bei der Zugriffskontrolle zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "release_date": "2023-07-19T22:00:00.000+00:00",
      "title": "CVE-2023-38206"
    },
    {
      "cve": "CVE-2023-38205",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Adobe ColdFusion. Diese ist auf einen Fehler bei der Zugriffskontrolle zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "release_date": "2023-07-19T22:00:00.000+00:00",
      "title": "CVE-2023-38205"
    },
    {
      "cve": "CVE-2023-38204",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Adobe ColdFusion. Diese ist auf Fehler bei der Deserialisierung von ungepr\u00fcften Daten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren."
        }
      ],
      "release_date": "2023-07-19T22:00:00.000+00:00",
      "title": "CVE-2023-38204"
    }
  ]
}

GHSA-76WH-RGGP-RXXQ

Vulnerability from github – Published: 2023-09-14 09:30 – Updated: 2025-10-22 00:32

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-38205"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-14T08:15:07Z",
    "severity": "HIGH"
  },
  "details": "Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.",
  "id": "GHSA-76wh-rggp-rxxq",
  "modified": "2025-10-22T00:32:50Z",
  "published": "2023-09-14T09:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38205"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38205"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2024-29339

Vulnerability from cnvd - Published: 2024-06-19

Title

Adobe ColdFusion安全绕过漏洞（CNVD-2024-29339）

Description

Adobe ColdFusion是美国奥多比（Adobe）公司的一套快速应用程序开发平台。 Adobe ColdFusion存在安全漏洞，远程攻击者可以利用该漏洞提交特殊的请求，可绕过安全限制，未授权访问系统。

Severity

高

Patch Name

Adobe ColdFusion安全绕过漏洞（CNVD-2024-29339）的补丁

Patch Description

Adobe ColdFusion是美国奥多比（Adobe）公司的一套快速应用程序开发平台。 Adobe ColdFusion存在安全漏洞，远程攻击者可以利用该漏洞提交特殊的请求，可绕过安全限制，未授权访问系统。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-38205

Impacted products

Name
['Adobe ColdFusion <=2018u18', 'Adobe ColdFusion <=2021u8', 'Adobe ColdFusion <=2023u2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-38205",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-38205"
    }
  },
  "description": "Adobe ColdFusion\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u5957\u5feb\u901f\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u5e73\u53f0\u3002\n\nAdobe ColdFusion\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u672a\u6388\u6743\u8bbf\u95ee\u7cfb\u7edf\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://helpx.adobe.com/security/products/coldfusion/apsb23-47.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-29339",
  "openTime": "2024-06-19",
  "patchDescription": "Adobe ColdFusion\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u5957\u5feb\u901f\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u5e73\u53f0\u3002\r\n\r\nAdobe ColdFusion\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u672a\u6388\u6743\u8bbf\u95ee\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe ColdFusion\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2024-29339\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe ColdFusion \u003c=2018u18",
      "Adobe ColdFusion \u003c=2021u8",
      "Adobe ColdFusion \u003c=2023u2"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-38205",
  "serverity": "\u9ad8",
  "submitTime": "2023-07-24",
  "title": "Adobe ColdFusion\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2024-29339\uff09"
}

FKIE_CVE-2023-38205

Vulnerability from fkie_nvd - Published: 2023-09-14 08:15 - Updated: 2025-10-23 11:13

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@adobe.com	https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html	Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38205	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2018
adobe	coldfusion	2021
adobe	coldfusion	2021
adobe	coldfusion	2021
adobe	coldfusion	2021
adobe	coldfusion	2021
adobe	coldfusion	2021
adobe	coldfusion	2021
adobe	coldfusion	2021
adobe	coldfusion	2021
adobe	coldfusion	2023
adobe	coldfusion	2023
adobe	coldfusion	2023

JSON

To clipboard

{
  "cisaActionDue": "2023-08-10",
  "cisaExploitAdd": "2023-07-20",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Adobe ColdFusion Improper Access Control Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:*",
              "matchCriteriaId": "3B54B2B0-B1E1-4B4E-A529-D0BD3B5DEEF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update1:*:*:*:*:*:*",
              "matchCriteriaId": "EDB126BF-E09D-4E58-A39F-1190407D1CAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update10:*:*:*:*:*:*",
              "matchCriteriaId": "8DDD85DF-69A0-476F-8365-CD67C75CF0CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update11:*:*:*:*:*:*",
              "matchCriteriaId": "23F63675-7817-4AF0-A7DB-5E35EDABF04E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update12:*:*:*:*:*:*",
              "matchCriteriaId": "3E3BF53E-2C0D-4F79-8B62-4C2A50CB5F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update13:*:*:*:*:*:*",
              "matchCriteriaId": "C26BF72C-E991-4170-B68B-09B20B6C0679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update14:*:*:*:*:*:*",
              "matchCriteriaId": "25B4B4F2-318F-4046-ADE5-E9DD64F83FD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update15:*:*:*:*:*:*",
              "matchCriteriaId": "831E8D69-62E9-4778-8CC5-D6D45CF5AB6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update16:*:*:*:*:*:*",
              "matchCriteriaId": "2F549BB3-25AB-4C83-B608-3717EADAAB35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update18:*:*:*:*:*:*",
              "matchCriteriaId": "4AAE2FA8-BEC9-49BA-8E3F-A0564A8ECDC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update2:*:*:*:*:*:*",
              "matchCriteriaId": "59649177-81EE-43C3-BFA5-E56E65B486DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update3:*:*:*:*:*:*",
              "matchCriteriaId": "453B96ED-738A-4642-B461-C5216CF45CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update4:*:*:*:*:*:*",
              "matchCriteriaId": "58D32489-627B-4E49-9329-8A3B8F8E4903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update5:*:*:*:*:*:*",
              "matchCriteriaId": "6D5860E1-D293-48FE-9796-058B78B2D571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update6:*:*:*:*:*:*",
              "matchCriteriaId": "9F9336CC-E38F-4BCB-83CD-805EC7FEF806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update7:*:*:*:*:*:*",
              "matchCriteriaId": "97964507-047A-4CC8-8D2B-0EA0C7F9BD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update8:*:*:*:*:*:*",
              "matchCriteriaId": "82208628-F32A-4380-9B0F-DC8507E7701D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2018:update9:*:*:*:*:*:*",
              "matchCriteriaId": "1563CE5E-A4F7-40A4-A050-BB96E332D8DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*",
              "matchCriteriaId": "7A94B406-C011-4673-8C2B-0DD94D46CC4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*",
              "matchCriteriaId": "AFD05E3A-10F9-4C75-9710-BA46B66FF6E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*",
              "matchCriteriaId": "D57C8681-AC68-47DF-A61E-B5C4B4A47663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*",
              "matchCriteriaId": "75608383-B727-48D6-8FFA-D552A338A562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*",
              "matchCriteriaId": "7773DB68-414A-4BA9-960F-52471A784379",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*",
              "matchCriteriaId": "B38B9E86-BCD5-4BCA-8FB7-EC55905184E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*",
              "matchCriteriaId": "5E7BAB80-8455-4570-A2A2-8F40469EE9CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*",
              "matchCriteriaId": "F9D645A2-E02D-4E82-A2BD-0A7DE5B8FBCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*",
              "matchCriteriaId": "6E22D701-B038-4795-AA32-A18BC93C2B6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*",
              "matchCriteriaId": "B02A37FE-5D31-4892-A3E6-156A8FE62D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*",
              "matchCriteriaId": "0AA3D302-CFEE-4DFD-AB92-F53C87721BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*",
              "matchCriteriaId": "EB88D4FE-5496-4639-BAF2-9F29F24ABF29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2018u18 (y anteriores), 2021u8 (y anteriores) y 2023u2 (y anteriores) de Adobe ColdFusion se ven afectadas por una vulnerabilidad de Control de Acceso Inadecuado que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n Seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para acceder a los endpoints de administraci\u00f3n CFM y CFC. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2023-38205",
  "lastModified": "2025-10-23T11:13:19.100",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-09-14T08:15:07.767",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38205"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-38205 (GCVE-0-2023-38205)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

GSD-2023-38205

CERTFR-2023-AVI-0569

Solution

CERTFR-2023-AVI-0569

Solution

WID-SEC-W-2023-1838

GHSA-76WH-RGGP-RXXQ

CNVD-2024-29339

FKIE_CVE-2023-38205

Tags

Sightings

Nomenclature