ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data.
History

Tue, 24 Dec 2024 02:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Mon, 23 Dec 2024 20:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data. |
| Title | | ColdFusion \| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
| Weaknesses | | CWE-22 |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'} |


MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2024-12-23T20:11:38.875Z

Updated: 2024-12-24T01:31:48.860Z

Reserved: 2024-11-25T17:39:04.110Z

Link: CVE-2024-53961

Vulnrichment

Updated: 2024-12-24T01:31:43.756Z

NVD

Status: Received

Published: 2024-12-23T21:15:05.820

Modified: 2024-12-23T21:15:05.820

Link: CVE-2024-53961

Redhat

No data.