Wiz
Vulnerability DatabaseCVE-2021-40698

CVE-2021-40698
Adobe ColdFusion 2018 vulnerability analysis and mitigation

Overview

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are affected by a Use of Inherently Dangerous Function vulnerability (CVE-2021-40698). The vulnerability was disclosed in September 2021 and can lead to a security feature bypass. The affected software includes Adobe ColdFusion 2021 and 2018 versions (NVD).

Technical details

The vulnerability is classified as CWE-242 (Use of Inherently Dangerous Function) with a CVSS v3.1 base score of 7.4 (HIGH). The attack vector is network-based with low attack complexity and requires low privileges. The scope is changed, with low impact on confidentiality, integrity, and availability (NVD).

Impact

When exploited, this vulnerability allows an authenticated attacker to access and manipulate arbitrary data on the environment. The vulnerability affects the system's security features and can lead to unauthorized data access and manipulation (NVD).

Mitigation and workarounds

Adobe has released security updates to address this vulnerability. Users should upgrade to the latest versions of ColdFusion 2021 and 2018 as specified in the vendor's security advisory (Adobe Advisory).

Additional resources

SourceThis report was generated using AI

Related Adobe ColdFusion 2018 vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2023-38204CRITICAL9.8
  • Adobe ColdFusion 2018Adobe ColdFusion 2018
  • cpe:2.3:a:adobe:coldfusion
NoYesSep 14, 2023
CVE-2023-38205HIGH7.5
  • Adobe ColdFusion 2018Adobe ColdFusion 2018
  • cpe:2.3:a:adobe:coldfusion
YesYesSep 14, 2023
CVE-2021-40699HIGH7.4
  • Adobe ColdFusion 2018Adobe ColdFusion 2018
  • cpe:2.3:a:adobe:coldfusion
NoYesSep 07, 2023
CVE-2021-40698HIGH7.4
  • Adobe ColdFusion 2018Adobe ColdFusion 2018
  • cpe:2.3:a:adobe:coldfusion
NoYesSep 07, 2023
CVE-2023-38206MEDIUM5.3
  • Adobe ColdFusion 2018Adobe ColdFusion 2018
  • cpe:2.3:a:adobe:coldfusion
NoYesSep 14, 2023

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo