CVE-2022-38418
Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability
In short
Adobe ColdFusion has a path traversal flaw that allows attackers to access files and execute code on the server without needing any user interaction. This is a critical vulnerability affecting older versions of the software.
Technical detail
The vulnerability exploits improper pathname validation (CWE-22) in Adobe ColdFusion Update 14 and earlier, allowing unauthenticated remote attackers to traverse directory restrictions and achieve arbitrary code execution within the application context. No user interaction is required, making it a direct remote attack vector with complete system compromise potential.
Summary generated and translated by AI from the official description.
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Adobe · ColdFusionWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →