Vulnerability Details: CVE-2021-40699
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2021-40699
We don't have affected product information for this CVE yet
Exploit prediction scoring system (EPSS) score for CVE-2021-40699
0.07%: Probability of exploitation activity in the next 30 days
~31%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-40699
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.4 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L | 3.1 | 3.7 | Adobe Systems Incorporated | |
CWE ids for CVE-2021-40699
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: psirt@adobe.com (Primary)
References for CVE-2021-40699
- https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html (Adobe Security Bulletin)