1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Adobe ColdFusion Improper Access Control Vulnerability

Known Exploited Vulnerabilities CVE-2023-38205 Mappings

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2023-38205 Adobe ColdFusion Improper Access Control Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
CVE-2023-38205 is a vulnerability that is the result of an incomplete patch of CVE-2023-29298. An adversary remains able to exploit the public-facing application as a result of this vulnerability.
References
  1. https://www.rapid7.com/blog/post/2023/07/19/cve-2023-38205-adobe-coldfusion-access-control-bypass-fixed/