CVE-2023-44355
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
17/11/2023
Last modified:
22/11/2023
Description
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this issue does require user interaction.
Impact
Base Score 3.x
4.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:* | 2021 (excluding) | |
| cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page