module
CVE-2024-20767 - Adobe Coldfusion Arbitrary File Read
| Disclosed |
|---|
| Mar 12, 2024 |
Disclosed
Mar 12, 2024
Description
This module exploits an Improper Access Vulnerability in Adobe Coldfusion versions prior to version
'2023 Update 6' and '2021 Update 12'. The vulnerability allows unauthenticated attackers to request authentication
token in the form of a UUID from the /CFIDE/adminapi/_servermanager/servermanager.cfc endpoint. Using that
UUID attackers can hit the /pms endpoint in order to exploit the Arbitrary File Read Vulnerability.
'2023 Update 6' and '2021 Update 12'. The vulnerability allows unauthenticated attackers to request authentication
token in the form of a UUID from the /CFIDE/adminapi/_servermanager/servermanager.cfc endpoint. Using that
UUID attackers can hit the /pms endpoint in order to exploit the Arbitrary File Read Vulnerability.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.