CVE-2024-45113

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2023.6, 2021.12 and earlier

Description: The issue is related to weaknesses in the authentication procedure of the ColdFusion platform. This can be exploited by a remote attacker to gain unauthorized access and escalate privileges, potentially affecting the integrity of the application. Exploitation does not require user interaction.

Recommendations: For ColdFusion versions 2023.6, 2021.12, and earlier, consider restricting access to sensitive areas of the application until a proper fix is applied, focusing on securing authentication mechanisms to prevent unauthorized privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.