CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Jan 6, 2025

High

CISA KEV

CVE-2024-20767

Adobe—ColdFusion

Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.

Required Action

https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-20767

Vulnerability Overview

Severity: High
CISA KEV: Yes
Ransomware: Unknown
Published: Dec 16, 2024
KEV Added: Dec 16, 2024
Due Date: Jan 6, 2025
Related Articles: 0

Vendor

Adobe

ColdFusion