Adobe ColdFusion - Access Control Bypass (CVE-2023-38205)

There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.

Adobe ColdFusion版本2023更新2及以下、2021更新8及以下以及2018更新18及以下均存在访问控制绕过漏洞，该漏洞允许远程攻击者绕过限制未认证外部访问ColdFusion管理员的ColdFusion机制。