CVE-2022-38424

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions Update 14 and earlier Adobe ColdFusion versions Update 4 and earlier

Description The issue exists due to improper limitation of a pathname to a restricted directory, allowing for path traversal. This could result in arbitrary file system write, potentially impacting the confidentiality, integrity, and availability of protected information. Exploitation does not require user interaction but does require administrator privileges.

Recommendations For Adobe ColdFusion versions Update 14 and earlier, update to a version later than Update 14 to resolve the issue. For Adobe ColdFusion versions Update 4 and earlier, update to a version later than Update 4 to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories and files to minimize the risk of exploitation.