CVE-2022-38423

Summary

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges.

Affected Software

VendorProductVersion RangeStatus
AdobeColdFusionunspecified <= CF2021U4affected
AdobeColdFusionunspecified <= CF2018u14affected
AdobeColdFusionunspecified <= Noneaffected

Weaknesses

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References