CVE-2024-45113: 
Adobe ColdFusion 2021 vulnerability analysis and mitigation

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability identified as CVE-2024-45113. The vulnerability was discovered and disclosed on September 13, 2024, affecting Adobe ColdFusion software. This security issue could potentially lead to privilege escalation and does not require user interaction for exploitation (NVD).

The vulnerability has been classified as an Improper Authentication issue (CWE-287). According to the CVSS 3.1 scoring system, it has received a Base Score of 7.5 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, and requires no user interaction (NVD).

The exploitation of this vulnerability could allow an attacker to gain unauthorized access and affect the integrity of the application. The CVSS scoring indicates high impact on integrity while confidentiality and availability remain unaffected (NVD).

Adobe has released security updates to address this vulnerability through their security bulletin APSB24-14. Users of affected versions should update their ColdFusion installations to the latest available version (Adobe Advisory).