{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-26347", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2023-02-22T19:47:52.374Z", "datePublished": "2023-11-17T13:31:33.156Z", "dateUpdated": "2024-10-21T14:17:57.249Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.5, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.5, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "Improper Access Control (CWE-284)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2023-11-17T13:31:33.156Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html"}], "source": {"discovery": "EXTERNAL"}, "title": "CVE-2023-38205 issues | ColdFusion Admin Panel Access"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:46:24.614Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-15T17:28:45.976291Z", "id": "CVE-2023-26347", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T14:17:57.249Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:46:24.614Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-26347", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-15T17:28:45.976291Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T14:17:53.401Z"}}], "cna": {"title": "CVE-2023-38205 issues | ColdFusion Admin Panel Access", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "modifiedScope": "NOT_DEFINED", "temporalScore": 7.5, "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "HIGH", "availabilityImpact": "NONE", "environmentalScore": 7.5, "privilegesRequired": "NONE", "exploitCodeMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NETWORK", "confidentialityImpact": "HIGH", "environmentalSeverity": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedIntegrityImpact": "NONE", "modifiedUserInteraction": "NONE", "modifiedAttackComplexity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAvailabilityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedConfidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "ColdFusion", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2021.11"}], "defaultStatus": "affected"}], "datePublic": "2023-11-14T17:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Control (CWE-284)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2023-11-17T13:31:33.156Z"}}}, "cveMetadata": {"cveId": "CVE-2023-26347", "state": "PUBLISHED", "dateUpdated": "2024-10-21T14:17:57.249Z", "dateReserved": "2023-02-22T19:47:52.374Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2023-11-17T13:31:33.156Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*", "matchCriteriaId": "39EBF22C-3ED8-4C91-AA46-1BA920CE1920", "versionEndExcluding": "2021", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*", "matchCriteriaId": "7A94B406-C011-4673-8C2B-0DD94D46CC4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*", "matchCriteriaId": "AFD05E3A-10F9-4C75-9710-BA46B66FF6E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*", "matchCriteriaId": "F1FC7D1D-6DD2-48B2-980F-B001B0F24473", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*", "matchCriteriaId": "1FA19E1D-61C2-4640-AF06-4BCFE750BDF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*", "matchCriteriaId": "D57C8681-AC68-47DF-A61E-B5C4B4A47663", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*", "matchCriteriaId": "75608383-B727-48D6-8FFA-D552A338A562", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*", "matchCriteriaId": "7773DB68-414A-4BA9-960F-52471A784379", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*", "matchCriteriaId": "B38B9E86-BCD5-4BCA-8FB7-EC55905184E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*", "matchCriteriaId": "5E7BAB80-8455-4570-A2A2-8F40469EE9CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*", "matchCriteriaId": "F9D645A2-E02D-4E82-A2BD-0A7DE5B8FBCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*", "matchCriteriaId": "6E22D701-B038-4795-AA32-A18BC93C2B6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*", "matchCriteriaId": "CAC4A0EC-C3FC-47D8-86CE-0E6A87A7F0B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*", "matchCriteriaId": "B02A37FE-5D31-4892-A3E6-156A8FE62D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*", "matchCriteriaId": "0AA3D302-CFEE-4DFD-AB92-F53C87721BFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*", "matchCriteriaId": "EB88D4FE-5496-4639-BAF2-9F29F24ABF29", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*", "matchCriteriaId": "43E0ED98-2C1F-40B8-AF60-FEB1D85619C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*", "matchCriteriaId": "76204873-C6E0-4202-8A03-0773270F1802", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*", "matchCriteriaId": "C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction."}, {"lang": "es", "value": "Las versiones 2023.5 (y anteriores) y 2021.11 (y anteriores) de Adobe ColdFusion se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podr\u00eda provocar una omisi\u00f3n de la funci\u00f3n de seguridad. Un atacante no autenticado podr\u00eda aprovechar esta vulnerabilidad para acceder a los endpoints de administraci\u00f3n CFM y CFC. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."}], "id": "CVE-2023-26347", "lastModified": "2024-11-21T07:51:10.520", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@adobe.com", "type": "Secondary"}]}, "published": "2023-11-17T14:15:20.867", "references": [{"source": "psirt@adobe.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "psirt@adobe.com", "type": "Secondary"}]}

{}

{}