CVE-2021-40699

moderate-risk
Published 2023-09-07

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.

Do I need to act?

-
0.23% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.4/10 High
NETWORK / LOW complexity

Affected Products (13)

Affected Vendors

Adobe

References (2)

Vendor Advisory https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html
Vendor Advisory https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html
44
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 17/34 · Moderate