Intrusion PreventionAdobe.ColdFusion.PMSGenericServlet.Information.Disclosure
Description
This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Adobe ColdFusion.
The vulnerability is due to missing input validation on the url parameter in PMSGenericServlet. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to a vulnerable Adobe ColdFusion instance. Successful exploitation of this vulnerability could lead to information disclosure from the target server.
Affected Products
Adobe ColdFusion prior to 2023.0.7
Adobe ColdFusion prior to 2021.0.13
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 55417 |
| Created | Apr 03, 2024 |
| Updated | Apr 22, 2024 |
| Risk |
|
| CVE ID | CVE-2024-20767 |
| Exploit Prediction Score | 10.77% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | Adobe |