Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution
CVE-2023-26359
Key Information:
- Vendor
- Adobe
- Status
- Vendor
- CVE Published:
- 23 March 2023
Badges
Summary
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
ColdFusion <= unspecified
ColdFusion <= unspecified
News Articles
The Hacker NewsCVE-2023-26359Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog
Critical security flaw in Adobe ColdFusion has been added to CISA's Known Exploited Vulnerabilities catalog.
3 months ago
Help Net SecurityPrevent and detect Adobe ColdFusion exploitation (CVE-2023-26360, CVE-2023-26359) - Help Net Security
CVE-2023-26360 and CVE-2023-26359 are being exploited by attackers, and now there's public PoCs. How to detect if you've been hit?
1 year ago
References
EPSS Score
13% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π°
First article discovered by Help Net Security
- πΎ
Exploit known to exist
- π¦
CISA Reported
Vulnerability published
Vulnerability Reserved