CVE-2022-38421

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier)

Description The issue is related to an improper limitation of a pathname to a restricted directory, also known as a path traversal vulnerability. This could result in arbitrary code execution in the context of the current user. Exploitation does not require user interaction but does require administrator privileges. The vulnerability can be exploited remotely, allowing an attacker to execute arbitrary code.

Recommendations For Adobe ColdFusion versions Update 14 and earlier, update to a version later than Update 14 to resolve the issue. For Adobe ColdFusion versions Update 4 and earlier, update to a version later than Update 4 to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories to minimize the risk of exploitation.