PT-2021-5083 · Adobe · Coldfusion

Published: 2021-09-14 · Updated: 2023-09-12 · CVE-2021-40699

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ColdFusion versions 2021 update 1 and earlier
ColdFusion versions 2018.10 and earlier

Description

The issue is related to improper access control in ColdFusion, specifically when checking permissions in the CFIDE path. This could allow an authenticated attacker to access and manipulate arbitrary data on the environment. The vulnerability is associated with deficiencies in access control, which can be exploited by a remote attacker to bypass existing security restrictions and gain unauthorized access to protected information.

Recommendations

For ColdFusion version 2021 update 1 and earlier, update to a version later than 2021 update 1 to resolve the issue. For ColdFusion versions 2018.10 and earlier, update to a version later than 2018.10 to resolve the issue. As a temporary workaround, consider restricting access to the CFIDE path to minimize the risk of exploitation.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2021-05864
CVE-2021-40699

Affected Products

Coldfusion