all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Adobe ColdFusion Access Control Bypass (CVE-2023-26347, CVE-2023-38205)

Add to bookmarks
Jan. 16, 2024, 3:37 a.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

What is the vulnerability?
The Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by Improper Access Control vulnerabilities that could result in a security bypass. Exploitation of these vulnerabilities could give attacker access to the ColdFusion Administrator endpoints for further attack.

What is the Vendor Solution?


Adobe released patches for the security bypass flaws in June 2023. [ Link ]

What FortiGuard Coverage is available?

FortiGuard Labs has an IPS signature "Adobe.ColdFusion.IPFilterUtils.Authentication.Bypass" to protect any exploitations …

access access control adobe adobe coldfusion attack attacker bypass coldfusion control cve endpoints exploitation patches result security security bypass solution vendor vulnerabilities vulnerability what is

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

GitLab Password Reset Vulnerability (CVE-2023-7028) 1 day, 7 hours ago | fortiguard.fortinet.com
account administrator attacker cisa +23
Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315) 2 days, 7 hours ago | fortiguard.fortinet.com
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) 3 days, 12 hours ago | fortiguard.fortinet.com
attackers attacks cisa cisa known exploited vulnerabilities +27
ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359) 1 week, 2 days ago | fortiguard.fortinet.com
adaptive security advisory april arcanedoor +22
Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259) 1 week, 2 days ago | fortiguard.fortinet.com
access advisory akira akira ransomware +17
PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400) 2 weeks, 4 days ago | fortiguard.fortinet.com
advisory attack code code injection +27
XZ Utils Supply Chain Attack (CVE-2024-3094) 1 month ago | fortiguard.fortinet.com
attack code compression cve +25
Nice Linear eMerge Command Injection Vulnerability (CVE-2019–7256) 1 month ago | fortiguard.fortinet.com
access attacker code code execution +25
Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897) 1 month, 1 week ago | fortiguard.fortinet.com
access application application developers attackers +31

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Specialist

@ Nestlé | St. Louis, MO, US, 63164
View on infosec-jobs.com

Cybersecurity Analyst

@ Dana Incorporated | Pune, MH, IN, 411057
View on infosec-jobs.com

Sr. Application Security Engineer

@ CyberCube | United States
View on infosec-jobs.com

Linux DevSecOps Administrator (Remote)

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com

Cyber Security Intern or Co-op

@ Langan | Parsippany, NJ, US, 07054-2172
View on infosec-jobs.com

Security Advocate - Application Security

@ Datadog | New York, USA, Remote
View on infosec-jobs.com
View more jobs