PT-2024-4222 · Adobe · ColdFusion
Published: 2024-06-11 · Updated: 2024-08-07
CVE-2024-34113
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ColdFusion versions 2023u7, 2021u13 and earlier
Description
The issue arises from the use of insufficiently strong cryptographic algorithms, or a flawed implementation, that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction.
Recommendations
For ColdFusion versions 2023u7 and earlier, update to a version that uses sufficiently strong cryptographic algorithms for password protection.
For ColdFusion versions 2021u13 and earlier, update to a version that uses sufficiently strong cryptographic algorithms for password protection.
As a temporary workaround, consider restricting access to password-protected resources until a patch is available.
Fix
Inadequate Encryption Strength
Related Identifiers
Affected Products
ColdFusion