PT-2024-4220 · Adobe · ColdFusion

Published: 2024-06-11 · Updated: 2025-01-13 · CVE-2024-34112

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2023u7, 2021u13 and earlier

Description: The issue is related to improper access control, which could result in arbitrary file system read. A remote attacker could exploit this to gain unauthorized access to sensitive files or data without requiring user interaction.

Recommendations: For ColdFusion versions 2023u7 and earlier, and for ColdFusion versions 2021u13 and earlier, update to a version that addresses the improper access control issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2024-04706
CVE-2024-34112

Affected Products

ColdFusion