CVE-2024-20767 — Adobe ColdFusion Improper Access Control Vulnerability

Description

Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.

How to fix CVE-2024-20767

No package mapping is available — consult the references below for vendor-specific guidance.

Is CVE-2024-20767 being exploited?

Yes — CVE-2024-20767 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (0)

No package mapping in OSV.