diff --git a/GobyVuls-Document.md b/GobyVuls-Document.md index 2b0fc41..12fd912 100644 --- a/GobyVuls-Document.md +++ b/GobyVuls-Document.md 
@@ -1,7 +1,21 @@ # Goby History Update Vulnerability Total Document (Continuously Update) The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing. -**Updated document date: March 21, 2024** +**Updated document date: March 28, 2024** + + +## Adobe ColdFusion /CFIDE/adminapi/_servermanager/servermanager.cfc File Read Vulnerability (CVE-2024-20767) + +| **Vulnerability** | Adobe ColdFusion /CFIDE/adminapi/_servermanager/servermanager.cfc File Read Vulnerability (CVE-2024-20767) | +| :----: | :-----| +| **Chinese name** | Adobe ColdFusion /CFIDE/adminapi/_servermanager/servermanager.cfc 文件读取漏洞 (CVE-2024-20767) | +| **CVSS core** | 8.2 | +| **FOFA Query** (click to view the results directly)| [app="Adobe-ColdFusion"](https://en.fofa.info/result?qbase64=Ym9keT0iL2NmYWpheC8iIHx8IGhlYWRlcj0iQ0ZUT0tFTiIgfHwgYmFubmVyPSJDRlRPS0VOIiB8fCBib2R5PSJDb2xkRnVzaW9uLkFqYXgiIHx8IGJvZHk9IjxjZnNjcmlwdD4iIHx8IHNlcnZlcj0iQ29sZEZ1c2lvbiIgfHwgdGl0bGU9IkNvbGRGdXNpb24iIHx8IChib2R5PSJjcm9zc2RvbWFpbi54bWwiICYmIGJvZHk9IkNGSURFIikgfHwgKGJvZHk9IiMwMDA4MDgiICYmIGJvZHk9IiNlN2U3ZTciKQ%3D%3D)| +| **Number of assets affected** | 504562 | +| **Description** | Adobe ColdFusion is a commercial application server developed by Adobe for web application development. The vulnerability allows an attacker to read important system files (e.g., database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure web site.| +| **Impact** | The vulnerability allows an attacker to read important system files (e.g., database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure web site. | + +![](https://s3.bmp.ovh/imgs/2024/03/28/d8f5c5bf74cb4017.gif). ## JetBrains TeamCity permission bypass vulnerability (CVE-2024-27198 & CVE-2024-27199)
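Review bot: In the added CVE-2024-20767 table, the **Description** and **Impact** rows carry the same sentence, and that sentence names "database configuration files" twice ("(e.g., database configuration files, system configuration files), database configuration files, etc."). Suggest keeping the product sentence plus one line on the flaw in Description, stating the consequence once in Impact, and dropping the repeated phrase. The row label "CVSS core" looks like a typo for "CVSS score", unless that is the label the rest of the file already uses. The FOFA link text shows `app="Adobe-ColdFusion"`, but the `qbase64` value encodes a different, expanded rule that begins with `body="/cfajax/"`, so the label should either match the query or say that it is shorthand. The image line ends with a stray "." after the closing parenthesis, and the two empty `+` lines after the date leave a double blank line before the new heading. The entry also gives no affected versions and no vendor advisory link, which readers triaging the 504562 listed assets will need in order to decide what to patch.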