virus logo Threat Signal Report

Adobe ColdFusion Access Control Bypass

What is the vulnerability?

The Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by Improper Access Control vulnerabilities that could result in a security bypass. Exploitation of these vulnerabilities could give attacker access to the ColdFusion Administrator endpoints for further attack.

What is the Vendor Solution?

Adobe released patches for the security bypass flaws in June 2023. [ Link ]


What FortiGuard Coverage is available?

FortiGuard Labs has an IPS signature "Adobe.ColdFusion.IPFilterUtils.Authentication.Bypass" to protect any exploitations of both CVE-2023-26347 and CVE-2023-38205 since August 2023. Also, the Endpoint Vulnerability can detect any vulnerable systems.

FortiGuard Labs recommends companies to scan their environment, find vulnerable servers, and upgrade as per vendor advisory and always follow best practices.

description-logoOutbreak Alert

FortiGuards labs observed extremely widespread exploitation attempts relating to security bypass vulnerabilities in Adobe ColdFusion. Successful exploitation could result in access of the ColdFusion Administrator endpoints.

View the full Outbreak Alert Report

Released Date Jan 15, 2024
Tags Adobe ColdFusion Access Bypass Threat Signal Vulnerability
CVE ID

Experienced a Breach? We're here to help

FortiGuard Incident Response Services
FortiGuard Incident Response Services
Outbreak Alert Outbreak Alert
About FortiGuard Threat Signal

Learn More »