CVE-2024-34113

MEDIUM

ColdFusion <2023u7, 2021u13 - Info Disclosure

Title source: llm

Description

ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction.

References (1)

[Patch, Vendor Advisory] https://helpx.adobe.com/security/products/coldfusion/apsb24-41.html

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 6.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-326 CWE-261

Status published

Products (2)

adobe/coldfusion 2021 update1 (13 CPE variants)

adobe/coldfusion 2023 update1 (7 CPE variants)

Published Jun 13, 2024

Tracked Since Feb 18, 2026