CVE-2024-20767
Adobe ColdFusion Improper Access Control Vulnerability
CVSS
—
Sin CVSS
EPSS
98.5%
p100
KEV
SÍ
16 dic 2024
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Adobe / ColdFusion
Vulnerabilidad
Adobe ColdFusion Improper Access Control Vulnerability
Añadido a KEV
16 dic 2024
Remediar antes de
6 ene 2025
Uso conocido en ransomware
No
Descripción resumida
Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-20767