Home
LOW: 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NDefault status
affected
Any version
affected
11 (semver)
unaffected
Default status
affected
Any version
affected
22 (semver)
unaffected
Description
ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.
Problem types
Insufficient Session Expiration (CWE-613)
Product status
Any version
11 (semver)
Any version
22 (semver)
References
helpx.adobe.com/security/products/coldfusion/apsb26-82.html