CVE-2021-40699
Summary
| CVE | CVE-2021-40699 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-07 13:15:00 UTC |
| Updated | 2023-09-12 11:56:00 UTC |
| Description | ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Adobe | Coldfusion | All | All | All | All |
| Application | Adobe | Coldfusion | 2018 | - | All | All |
| Application | Adobe | Coldfusion | 2018 | update1 | All | All |
| Application | Adobe | Coldfusion | 2018 | update10 | All | All |
| Application | Adobe | Coldfusion | 2018 | update2 | All | All |
| Application | Adobe | Coldfusion | 2018 | update3 | All | All |
| Application | Adobe | Coldfusion | 2018 | update4 | All | All |
| Application | Adobe | Coldfusion | 2018 | update5 | All | All |
| Application | Adobe | Coldfusion | 2018 | update6 | All | All |
| Application | Adobe | Coldfusion | 2018 | update7 | All | All |
| Application | Adobe | Coldfusion | 2018 | update8 | All | All |
| Application | Adobe | Coldfusion | 2018 | update9 | All | All |
| Application | Adobe | Coldfusion | 2021 | - | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Adobe Security Bulletin | MISC | helpx.adobe.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 376036 Adobe ColdFusion Security Feature Bypass Vulnerability (APSB21-75)