PT-2021-4819 · Adobe · Coldfusion

Published 2021-09-14 · Updated 2023-09-12 · CVE-2021-40698

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

ColdFusion versions 2021 update 1 (and earlier) and versions 2018.10 (and earlier)

Description

The issue is related to the use of inherently dangerous functions, which can lead to a security feature bypass. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment. The vulnerability allows a remote attacker to gain unauthorized access to protected information.

Recommendations

For ColdFusion version 2021 update 1 and earlier, update to a version later than 2021 update 1 to resolve the issue. For ColdFusion version 2018.10 and earlier, update to a version later than 2018.10 to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation.

Related Identifiers

BDU:2021-05547
CVE-2021-40698

Affected Products

Coldfusion