CVE-2023-29301

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions 2018u16 and earlier Adobe ColdFusion versions 2021u6 and earlier Adobe ColdFusion versions 2023.0.0.330468 and earlier

Description The issue is related to insufficient restriction of excessive authentication attempts, allowing a remote attacker to bypass existing security restrictions using a brute force attack. This could result in a security feature bypass, potentially impacting user confidentiality. Exploitation of this issue does not require user interaction.

Recommendations For Adobe ColdFusion versions 2018u16 and earlier, update to a version later than 2018u16 to resolve the issue. For Adobe ColdFusion versions 2021u6 and earlier, update to a version later than 2021u6 to resolve the issue. For Adobe ColdFusion versions 2023.0.0.330468 and earlier, update to a version later than 2023.0.0.330468 to resolve the issue. As a temporary workaround, consider restricting access to the CFAdmin authentication component to minimize the risk of exploitation.