CVE-2024-53961

Published Dec 23, 2024

Last updated a day ago

Overview

Description
ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data.
Source: psirt@adobe.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.4
Impact score: 5.2
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: HIGH

Weaknesses

psirt@adobe.com
CWE-22

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

2

  1. Regarding countermeasures for the Adobe ColdFusion vulnerability (CVE-2024-53961) https://t.co/NT8bLuegpt

    @testshinotsuka

    25 Dec 2024

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Adobe Patches Vulnerabilities Adobe has issued out-of-band security patches for its ColdFusion app server after discovering a critical path traversal vulnerability (CVE-2024-53961). The vulnerability allows attackers to gain unauthorized access to… h

    @TechBuzzRecap

    25 Dec 2024

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Adobe ColdFusion: Critical Vulnerabilities Discovered According to socradar, a critical vulnerability known as CVE-2024-53961 has been discovered in Adobe ColdFusion versions 2023 and 2021. This vulnerability allows attackers to… h

    @TechBuzzRecap

    24 Dec 2024

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Regarding countermeasures for the Adobe ColdFusion vulnerability (CVE-2024-53961) #IPA (Dec 24) https://t.co/ye4kGuSEEr

    @foxbook

    24 Dec 2024

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Critical Adobe ColdFusion Bug with PoC Exploit Code Discovered! 🚨 WIRE TOR - The Ethical Hacking Services Adobe has issued an out-of-band security update to address a critical vulnerability (CVE-2024-53961) in ColdFusion. This flaw is rated "Priority 1" due to its #hacker ht

    @WireTor

    24 Dec 2024

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Adobe ColdFusion Bug: When Path Traversal Takes a Detour to Chaos! Hot Take: Looks like Adobe’s ColdFusion is heating up in all the wrong ways. With a bug named CVE-2024-53961 lingering like an unwanted holiday gift, Adobe's out-of-band updates are like the fire extinguisher in

    @TheNimbleNerd

    24 Dec 2024

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. The flaw, tracked as CVE-2024-53961, is a path traversal vulnerability in Adobe ColdFusion that could allow malicious actors to read arbitrary files on affected servers, potentially exposing sensitive data. #infosecurity #TechNews #cybersecu https://t.co/Xm6gr6m1zg

    @LHackingupdates

    24 Dec 2024

    42 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 Adobe ColdFusion Vulnerability (CVE-2024-53961) 🔹 Critical flaw with exploitation risks 🔹 Potential for data breaches 🔹 Apply updates immediately! 🔍 Full details: https://t.co/lKpMgBRkdL #CyberSecurity #VulnerabilityManagement #PatchNow #AdobeColdFusion https://t.co/TGGe9

    @socradar

    24 Dec 2024

    175 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2024-53961: Path Traversal in Adobe ColdFusion, 7.4 rating❗️ Fresh vuln allows attackers to read arbitrary files on the server, including confidential information. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/b1K25FMegT #cybersecurity #vulnerability_map https:/

    @Netlas_io

    24 Dec 2024

    484 Impressions

    2 Retweets

    10 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  10. CVE Alert: CVE-2024-53961 - https://t.co/n0DiiYkLWc #OSINT #ThreatIntel #CyberSecurity #cve_2024_53961

    @RedPacketSec

    24 Dec 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Regarding countermeasures for the Adobe ColdFusion vulnerability (CVE-2024-53961) https://t.co/foJXCyg2oe

    @ICATalerts

    24 Dec 2024

    4533 Impressions

    8 Retweets

    8 Likes

    1 Bookmark

    0 Replies

    1 Quote

  12. IPA Important | Regarding countermeasures for the Adobe ColdFusion vulnerability (CVE-2024-53961) https://t.co/Jk50Y77Mtv #itsec_jp

    @itsec_jp

    24 Dec 2024

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🔨 Critical RCE vulnerability in Apache Tomcat fixed: CVE-2024-56337 ⚠️ Adobe warns of a critical ColdFusion vulnerability, PoC also exists: CVE-2024-53961 ~Cyber Alert, December 24~ https://t.co/t4vCGSKMQl #Security #Intelligence #OSINT

    @MachinaRecord

    24 Dec 2024

    146 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. PoC Exploit Emerges for Adobe ColdFusion CVE-2024-53961—Apply Security Updates Now Urgent security update for Adobe ColdFusion: CVE-2024-53961. Take action now to safeguard your data from potential exploitation and file access https://t.co/Mo8aoEeXR0

    @the_yellow_fall

    24 Dec 2024

    45 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 Critical Adobe ColdFusion Vulnerability Alert (CVE-2024-53961) 🚨 Adobe has issued urgent security patches for a critical path traversal flaw in ColdFusion (versions 2023 & 2021) that could allow arbitrary file access. The company stresses updating within 72 hours due to…

    @arunpratap786

    23 Dec 2024

    107 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2024-53961 ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that … https://t.co/XNZcjZeVu8

    @CVEnew

    23 Dec 2024

    749 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes