CVE-2021-40698

HIGH

ColdFusion <2021 Update 1, <2018.10 - Security Feature Bypass

Title source: llm
STIX 2.1

Description

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass  . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.

References (1)

Core 1
Core References

Scores

CVSS v3 7.4
EPSS 0.0054
EPSS Percentile 41.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-242
Status published
Products (3)
adobe/coldfusion 2018 (11 CPE variants)
adobe/coldfusion 2021
adobe/coldfusion < 2018
Published Sep 07, 2023
Tracked Since Feb 18, 2026