CVE-2023-26347

HIGH EXPLOITED NUCLEI

Adobe ColdFusion <2023.5-2021.11 - Auth Bypass

Title source: llm

Description

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

Nuclei Templates (1)

Adobe Coldfusion - Authentication Bypass

HIGHVERIFIEDby salts

Shodan:

http.component:"Adobe ColdFusion" || http.component:"adobe coldfusion" || http.title:"coldfusion administrator login" || cpe:"cpe:2.3:a:adobe:coldfusion"

FOFA: app="Adobe-ColdFusion" || app="adobe-coldfusion" || title="coldfusion administrator login"

References (1)

[Release Notes, Vendor Advisory] https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html

Scores

CVSS v3 7.5

EPSS 0.8317

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2024-05-06

CWE

CWE-284

Status published

Products (3)

adobe/coldfusion 2021 (12 CPE variants)

adobe/coldfusion 2023 (6 CPE variants)

adobe/coldfusion < 2021

Published Nov 17, 2023

Tracked Since Feb 18, 2026