PT-2023-3961 · Adobe · ColdFusion

Published 2023-07-19 · Updated 2024-12-26 · CVE-2023-38205

CVSS v2.0: 7.8
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion 2018 Update 18 (2018u18) and earlier, 2021 Update 8 (2021u8) and earlier, and 2023 Update 2 (2023u2) and earlier
Description: The issue is an improper access control vulnerability that could result in a security feature bypass. An attacker could exploit it, without authentication or user interaction, to reach ColdFusion administration CFM and CFC endpoints that should be restricted, such as the "/pms" module. Internet-wide scan results suggest that about 255,541 exposed ColdFusion instances are potentially affected. This vulnerability has been exploited in the wild.
Recommendations: Update to a release later than the affected ones: for ColdFusion 2018, later than 2018u18 (2018 Update 19 or newer); for ColdFusion 2021, later than 2021u8 (2021 Update 9 or newer); for ColdFusion 2023, later than 2023u2 (2023 Update 3 or newer). Where the update cannot be applied immediately, restrict access to the administration CFM and CFC endpoints (the ColdFusion Administrator and Admin API paths under /CFIDE) so that only trusted administrator addresses can reach them, and keep the restriction in place until the update is installed. Since the flaw is in ColdFusion's own access control, enforce the restriction in front of ColdFusion (web server, reverse proxy or network firewall) rather than relying on application-level settings. After updating, confirm the installed update level in the ColdFusion Administrator, and review web-server logs for earlier requests to those endpoints from untrusted addresses, since the issue is known to have been exploited in the wild.
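A log hunt for this class of issue, added here as an example (it is not code from the advisory, from Positive Technologies or from Adobe): it normalises request paths and flags every request that reached the ColdFusion Administrator or Admin API endpoints from a source outside an administrator allowlist, reporting whether the server actually served it or blocked it. It assumes Apache/nginx combined-format access logs (IIS W3C logs need a different parser), the standard /CFIDE/administrator and /CFIDE/adminapi paths, and a hypothetical ALLOWLIST of administrator networks; the log lines are constructed. It matches on the destination path only and is not a signature for the specific bypass technique, which this page does not describe.

```python
"""Hunt web-server access logs for requests that reached ColdFusion
administration endpoints from untrusted sources.

Added example, not code from the advisory or from Adobe. Assumptions:
logs are in the Apache/nginx "combined" format, the admin paths are the
standard /CFIDE/administrator and /CFIDE/adminapi prefixes, and ALLOWLIST
(hypothetical) holds the networks administrators connect from.
The log lines in SAMPLE_LOG are constructed for the example.
"""
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Paths only administrators should ever reach (compared after normalisation).
ADMIN_PREFIXES = ("/cfide/administrator/", "/cfide/adminapi/")

# Hypothetical allowlist of administrator source networks.
ALLOWLIST = ["10.0.0.0/8"]

# Combined format: ip ident user [time] "method target proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Jul/2023:10:15:01 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5123 "-" "curl/8.1"',
    '203.0.113.7 - - [20/Jul/2023:10:15:02 +0000] "POST /CFIDE/adminapi/administrator.cfc?method=login HTTP/1.1" 200 412 "-" "curl/8.1"',
    '10.0.0.5 - - [20/Jul/2023:10:20:00 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [20/Jul/2023:11:02:17 +0000] "GET /cfide//ADMINISTRATOR/%2e%2e/administrator/settings/version.cfm HTTP/1.1" 403 199 "-" "python-requests/2.31"',
    '198.51.100.9 - - [20/Jul/2023:11:02:18 +0000] "GET /index.cfm HTTP/1.1" 200 900 "-" "python-requests/2.31"',
]


def normalize_path(target):
    """Reduce a request target to a canonical path for prefix matching:
    drop the query string, percent-decode twice (catches double encoding),
    treat backslashes as slashes, collapse repeated slashes and dot
    segments, and lower-case the result (ColdFusion paths are matched
    case-insensitively on Windows)."""
    path = target.split("?", 1)[0]
    path = unquote(unquote(path)).replace("\\", "/")
    path = "/" + path.lstrip("/")        # posixpath would keep a leading "//" verbatim
    return posixpath.normpath(path).lower()


def is_admin_endpoint(target):
    """True if the normalised request path is under an admin-only prefix."""
    norm = normalize_path(target)
    return any(norm == p.rstrip("/") or norm.startswith(p) for p in ADMIN_PREFIXES)


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m["ip"], "ts": m["ts"], "method": m["method"],
        "target": m["target"], "status": int(m["status"]),
    }


def hunt(lines, allowlist):
    """Return (timestamp, source ip, normalised path, status, verdict) for every
    request to an admin endpoint from outside the allowlist. Verdict is
    REACHED when the server answered 2xx (the endpoint was actually served)
    and BLOCKED otherwise (denied, redirected to a login page, or missing)."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_admin_endpoint(rec["target"]):
            continue
        try:
            src = ipaddress.ip_address(rec["ip"])
        except ValueError:
            src = None                   # unparsable source: treat as untrusted
        if src is not None and any(src in n for n in nets):
            continue
        verdict = "REACHED" if 200 <= rec["status"] < 300 else "BLOCKED"
        findings.append((rec["ts"], rec["ip"], normalize_path(rec["target"]), rec["status"], verdict))
    return findings


if __name__ == "__main__":
    for ts, ip, path, status, verdict in hunt(SAMPLE_LOG, ALLOWLIST):
        print(f"{verdict:7} {ts} {ip:15} {status} {path}")
```

Run it against the front-end web server's logs rather than ColdFusion's own logs, because the workaround above relies on the front end denying these requests. A REACHED verdict with a 2xx status from an untrusted address after the restriction is in place means the rule is not matching the path spelling the client used; a REACHED verdict from before the update is a candidate for incident response.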

Weakness Enumeration

Improper Access Control (CWE-284)

Related Identifiers

BDU:2023-04256
CVE-2023-38205

Affected Products

Adobe ColdFusion