virus logo Intrusion Prevention

Adobe.ColdFusion.CVE-2023-29301.Authentication.Bypass

description-logoDescription

This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in Adobe ColdFusion.
This vulnerability is due to improper access control in the vulnerable application. An unauthenticated, remote attacker may be able to exploit this to gain access to vulnerable systems. The signature is triggered if there are more than 30 attempts within 10 seconds. The threshold is configurable based on user's environment.

affected-products-logoAffected Products

Adobe ColdFusion CF2018 update 16
Adobe ColdFusion CF2021 update 6
Adobe ColdFusion CF2023 GA Release (2023.0.0) and earlier

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrades or patches from the vendor.
https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2024-07-17 28.828
Modified
 Name:Adobe.
ColdFusion.
CVE-2023-29301.
Access.
Control.
Bypass:Adobe.
ColdFusion.
CVE-2023-29301.
Authentication.
Bypass
2023-07-24 25.607
Modified
 Default_action:pass:drop
2023-07-11 24.597
New

References

https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html
ID 53374
Created Jul 11, 2023
Updated Jul 16, 2024
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Exploit Prediction Score 0.37%
Default Action drop
Active
Affected OS Linux, MacOS
Affected App Adobe
Profile Type Anomaly