CVE-2024-34112: 
Adobe ColdFusion 2021 vulnerability analysis and mitigation

Adobe ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability (CVE-2024-34112). The vulnerability was discovered and reported to Adobe Systems Incorporated, with the CVE being created on April 30, 2024, and publicly disclosed on June 13, 2024. This security flaw affects multiple versions of Adobe ColdFusion software and could potentially allow unauthorized access to sensitive files (NVD, CVE).

The vulnerability is classified as an Improper Access Control issue (CWE-284) that enables arbitrary file system read capabilities. The severity of this vulnerability has been assessed with a CVSS v3.1 Base Score of 7.5 (HIGH), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, and requires no user interaction (NVD).

The vulnerability could result in unauthorized access to sensitive files and data within the system. The CVSS scoring indicates high confidentiality impact, while integrity and availability remain unaffected. This means attackers could potentially access and read sensitive system files without proper authorization (NVD).

Adobe has released security updates to address this vulnerability through their security advisory APSB24-41. Users of affected ColdFusion versions should update their installations to the latest available version (Adobe Advisory).