CVE-2024-20767 - Adobe ColdFusion Improper Access Control Vulnerability

Vulnerability Name

Adobe ColdFusion Improper Access Control Vulnerability

Description

Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html

https://nvd.nist.gov/vuln/detail/CVE-2024-20767

Related News Articles

CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT CampaignDecember 17, 2024

Windows kernel bug now exploited in attacks to gain SYSTEM privilegesDecember 17, 2024