ColdFusion Improper Access Control Enables Arbitrary File System Read
CVE-2024-34112 Published on June 13, 2024
ColdFusion CFDOCUMENT file retrieval / access control bypass
ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not require user interaction.
Vulnerability Analysis
CVE-2024-34112 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2024-34112 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2024-34112
Want to know whenever a new CVE is published for Adobe ColdFusion? stack.watch will email you.
Affected Versions
Adobe ColdFusion:- Before and including 2021u13 is affected.
- Version 2023 and below update_8 is affected.
- Version 2021 and below update_14 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.