Adobe Warns of ColdFusion Vulnerability That Allows Attackers to Read Arbitrary Files


Adobe has issued a critical security update for ColdFusion versions 2023 and 2021 to address a major vulnerability that could lead to an arbitrary file system read.

The identified vulnerability, CVE-2024-53961, has a known proof-of-concept exploit, making the updates crucial for users.

This release underscores Adobe’s commitment to ensuring the security and integrity of its products.

Details of the Vulnerability

The vulnerability—classified as “Improper Limitation of a Pathname to a Restricted Directory” (CWE-22)—allows attackers to potentially bypass security constraints to access sensitive files.

Given its critical nature, the CVSS Base Score for CVE-2024-53961 stands at 7.4, categorizing it as a high-severity issue.

Affected versions include:

| Product | Update Number | Platform |
|---|---|---|
| ColdFusion 2023 | Update 11 and earlier | All |
| ColdFusion 2021 | Update 17 and earlier | All |

The vulnerability is exploitable remotely without requiring user interaction or ...


Copyright of this story solely belongs to gbhackers.