CVE-2023-26347

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions 2023.5 and earlier Adobe ColdFusion versions 2021.11 and earlier

Description The issue is related to an Improper Access Control that could result in a Security feature bypass. An unauthenticated attacker could leverage this to access the administration CFM and CFC endpoints, such as "/CFIDE/administrator/" or "/CFIDE/adminapi/", without requiring user interaction.

Recommendations For Adobe ColdFusion versions 2023.5 and earlier, update to a version that addresses the issue. For Adobe ColdFusion versions 2021.11 and earlier, update to a version that addresses the issue. As a temporary workaround, consider restricting access to the administration CFM and CFC endpoints until a patch is available.