CVE-2023-38205

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-38205
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html Vendor Advisory
https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38205 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update10:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update11:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update12:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update13:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update14:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update15:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update16:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update18:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update2:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update3:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update4:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update5:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update6:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update7:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update8:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update9:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*
History

23 Oct 2025, 11:13

Type Values Removed Values Added
References () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38205 - () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38205 - Third Party Advisory, US Government Resource

21 Oct 2025, 23:16

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38205 -

21 Oct 2025, 20:19

Type Values Removed Values Added
References
  • {'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38205', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}

21 Oct 2025, 19:20

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38205 -

21 Nov 2024, 08:13

Type Values Removed Values Added
References () https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html - Vendor Advisory () https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html - Vendor Advisory

19 Sep 2023, 17:27

Type Values Removed Values Added
CPE cpe:2.3:a:adobe:coldfusion:2018:update8:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update9:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update12:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update15:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update6:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update14:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update2:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update13:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update3:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update5:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update4:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update7:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update10:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update11:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update18:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update16:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*
References (MISC) https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html - (MISC) https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html - Vendor Advisory
CWE CWE-284 NVD-CWE-Other
First Time Adobe
Adobe coldfusion

14 Sep 2023, 13:01

Type Values Removed Values Added
New CVE
Information

Published : 2023-09-14 08:15

Updated : 2025-10-23 11:13

NVD link : CVE-2023-38205

Mitre link : CVE-2023-38205

CVE.ORG link : CVE-2023-38205

JSON object : View

Products Affected

adobe

  • coldfusion
CWE
CWE-284

Improper Access Control

NVD-CWE-Other