Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution
CVE-2023-26359
Key Information:
- Vendor
- Adobe
- Status
- Vendor
- CVE Published:
- 23 March 2023
Badges
Summary
Adobe ColdFusion versions 2018 Update 15 and earlier, along with 2021 Update 5 and earlier, are susceptible to a deserialization vulnerability, enabling unauthorized execution of arbitrary code within the context of the current user. This issue can be exploited without requiring any user interaction, posing a significant risk to systems using these versions. It is crucial for administrators and security professionals to address this vulnerability to prevent potential breaches.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
ColdFusion <= unspecified
ColdFusion <= unspecified
Get notified when SecurityVulnerability.io launches alerting π
Well keep you posted π§
News Articles
Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog
Critical security flaw in Adobe ColdFusion has been added to CISA's Known Exploited Vulnerabilities catalog.
4 months ago
Prevent and detect Adobe ColdFusion exploitation (CVE-2023-26360, CVE-2023-26359) - Help Net Security
CVE-2023-26360 and CVE-2023-26359 are being exploited by attackers, and now there's public PoCs. How to detect if you've been hit?
1 year ago
References
EPSS Score
17% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π°
First article discovered by Help Net Security
- πΎ
Exploit known to exist
- π¦
CISA Reported
Vulnerability published
Vulnerability Reserved