CVE-2023-29298

HIGH KEV NUCLEI

Adobe ColdFusion <2018u16, 2021u6, 2023.0.0.330468 - Security Featu...

Title source: llm

Description

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

Nuclei Templates (1)

Adobe ColdFusion - Access Control Bypass

HIGHby rootxharsh,iamnoooob,DhiyaneshDK,pdresearch

Shodan:

http.component:"Adobe ColdFusion" || http.component:"adobe coldfusion" || http.title:"coldfusion administrator login" || cpe:"cpe:2.3:a:adobe:coldfusion"

FOFA: app="Adobe-ColdFusion" || app="adobe-coldfusion" || title="coldfusion administrator login"

References (2)

[Vendor Advisory] https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29298

Scores

CVSS v3 7.5

EPSS 0.9429

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV 2023-07-20

VulnCheck KEV 2023-07-17

InTheWild.io 2023-07-20

ENISA EUVD EUVD-2023-32873

CWE

CWE-284

Status published

Products (3)

adobe/coldfusion 2018 (17 CPE variants)

adobe/coldfusion 2021 (7 CPE variants)

adobe/coldfusion 2023

Published Jul 12, 2023

KEV Added Jul 20, 2023

Tracked Since Feb 18, 2026