CVE-2023-26347
HIGHCVSS v3
7.5
HIGH
EPSS Score
85.7%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.
Technical Details
- Published
- 11/17/2023
Frequently Asked Questions
What is CVE-2023-26347?
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.
Is CVE-2023-26347 actively exploited?
Active exploitation of CVE-2023-26347 has not been confirmed. The EPSS score is 85.7%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2023-26347?
CVE-2023-26347 has a CVSS v3 base score of 7.5 (HIGH severity).
Is CVE-2023-26347 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.