CVE-2023-38205

HIGH KEV NUCLEI

Adobe ColdFusion <2018u18,2021u8,2023u2 - Privilege Escalation

Title source: llm

Description

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

Nuclei Templates (1)

Adobe ColdFusion - Access Control Bypass

HIGHVERIFIEDby DhiyaneshDk

Shodan:

http.component:"Adobe ColdFusion" || http.component:"adobe coldfusion" || http.title:"coldfusion administrator login" || cpe:"cpe:2.3:a:adobe:coldfusion"

FOFA: app="Adobe-ColdFusion" || app="adobe-coldfusion" || title="coldfusion administrator login"

References (2)

[Vendor Advisory] https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38205

Scores

CVSS v3 7.5

EPSS 0.9418

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV 2023-07-20

VulnCheck KEV 2023-07-20

InTheWild.io 2023-07-20

ENISA EUVD EUVD-2023-42025

CWE

CWE-284

Status published

Products (3)

adobe/coldfusion 2018 (18 CPE variants)

adobe/coldfusion 2021 (9 CPE variants)

adobe/coldfusion 2023 (3 CPE variants)

Published Sep 14, 2023

KEV Added Jul 20, 2023

Tracked Since Feb 18, 2026