Adobe ColdFusion versions 2018 Update 15 (and previous versions) and 2021 Update 5 (and previous versions) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe coldfusion 2018 |
||
adobe coldfusion 2021 |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Tardy IT admins likely to get a chilly reception over the lack of updates
CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability. The vulnerability, tracked as CVE-2023-26360, was disclosed in March and was shortly after added to CISA's known exploited vulnerability (KEV) catalog, setting an April 5 deadline for agencies to fix the issue. In a Tuesday advisory, CISA revealed the federal civilian executive branch (FCEB) in question was successful...