Publish date: September 24 2019
Versions affected: 2018 Update 4 and earlier versions, 2016 Update 11 and earlier versions
Fixed version: 2018 Update 5, 2016 Update 12
Author: Daniel Underhay
Path Traversal Vulnerability (CVE-2017-5219)
By default, custom applications built on the Adobe ColdFusion platform block access to the admin portal. Access is usually restricted by IP address, with permitted addresses added to an allowlist. Any attempt to access the admin portal (for example, https://example.com/CFIDE/administrator/index.cfm) results in a redirect to the main page of the application.
..;/ it was possible to bypass the access controls and access the ColdFusion admin portal.
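Requests of this kind can be picked out of web access logs. The following is an added example, not part of the original advisory: it assumes the access filter compares the literal request path while the servlet container strips `;` path parameters from each segment before resolving `..` (an assumption about the deployment), and the log lines, IP addresses and the `/app/` path are constructed.

```python
import re
from urllib.parse import unquote

PROTECTED_PREFIX = "/cfide/administrator"  # admin path named in the advisory
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [24/Sep/2019:10:00:01 +0000] "GET /index.cfm HTTP/1.1" 200 5120
203.0.113.7 - - [24/Sep/2019:10:00:02 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 302 0
203.0.113.7 - - [24/Sep/2019:10:00:03 +0000] "GET /app/..;/CFIDE/administrator/index.cfm HTTP/1.1" 200 9301
198.51.100.4 - - [24/Sep/2019:10:00:09 +0000] "GET /index.cfm;jsessionid=ABC123 HTTP/1.1" 200 5120
"""

def container_view(raw_path):
    """Approximate the path a servlet container resolves: drop ';params'
    from every segment, then collapse '.' and '..' segments."""
    resolved = []
    # Decoding first is deliberately over-inclusive (also catches %3b, %2e).
    for segment in unquote(raw_path).split("/"):
        segment = segment.split(";", 1)[0]  # "..;" and "..;x" both become ".."
        if segment in ("", "."):
            continue
        if segment == "..":
            del resolved[-1:]  # step up one level; no-op at the root
            continue
        resolved.append(segment)
    return "/" + "/".join(resolved)

def is_bypass_attempt(raw_path):
    """True when the literal path does not start with the protected prefix
    (so a prefix-matching filter lets it through) but the resolved path does."""
    literal = unquote(raw_path).lower()
    resolved = container_view(raw_path).lower()
    return resolved.startswith(PROTECTED_PREFIX) and not literal.startswith(PROTECTED_PREFIX)

def scan(log_text):
    """Return (client_ip, path, status) for every flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        if is_bypass_attempt(path):
            hits.append((ip, path, int(status)))
    return hits
```

A flagged request that returned 200 rather than the usual redirect deserves priority review, and the same `is_bypass_attempt` check can be used to reject such paths at a proxy in front of the application.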