CVE-2024-20767

unknown KEV

Published 2024-12-16 · Modified 2024-12-16

CVSS v3

—

CVSS v2

—

VIR risk

1.5

Description

Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.

CISA KEV

Vendor: Adobe
Product: ColdFusion
Due date: 2025-01-06

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-20767

Exploits

References

https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-20767

Verify integrity in audit chain (admin only). AS-IS.