CVE-2023-29301

Summary

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the confidentiality of the user. Exploitation of this issue does not require user interaction.

Affected Software

VendorProductVersion RangeStatus
AdobeColdFusion0 <= 2023.0.0.330468affected

Weaknesses

  • CWE-307: Improper Restriction of Excessive Authentication Attempts (CWE-307)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References