← ExploitWatch
HomeExploited Vulnerabilities

CVE-2024-20767 — Actively Exploited: ColdFusion (Adobe)

Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.

CVE IDCVE-2024-20767
VendorAdobe
ProductColdFusion
Vulnerability nameAdobe ColdFusion Improper Access Control Vulnerability
Date added2024-12-16
Remediation due2025-01-06
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
DescriptionAdobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →