CVE-2023-29301: 
Adobe ColdFusion 2018 vulnerability analysis and mitigation

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability (CVE-2023-29301). This security issue could result in a security feature bypass, potentially impacting the confidentiality of user data. The vulnerability is particularly concerning as it does not require user interaction for exploitation (NVD).

The vulnerability is classified as an Improper Restriction of Excessive Authentication Attempts (CWE-307). It has received a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating that it is network-accessible, requires low attack complexity, needs no privileges, and requires no user interaction (NVD).

The vulnerability can lead to system compromise, allowing remote attackers to gain control of vulnerable systems. The primary impact is on the confidentiality of user data, as attackers could leverage this vulnerability to bypass security features (FortiGuard).

Users are strongly advised to apply the most recent upgrades or patches available from Adobe. The vulnerability has been addressed in the security update detailed in Adobe's security bulletin (Adobe Advisory).