Advertisement
Top
image credit: Unsplash

Critical Adobe ColdFusion Flaw Added to CISA’s Exploited Vulnerability Catalog

August 22, 2023

Via: The Hacker News
Category:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The vulnerability, cataloged as CVE-2023-26359 (CVSS score: 9.8), relates to a deserialization flaw present in Adobe ColdFusion 2018 (Update 15 and earlier) and ColdFusion 2021 (Update 5 and earlier) that could result in arbitrary code execution in the context of the current user without requiring any interaction.

Read More on The Hacker News

RELATED PUBLICATIONS

UK Ministry of Defense disclosed a third-party data breach exposing military personnel data 
Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606
Ransomware evolves from mere extortion to ‘psychological attacks’

Latest Publications

UK Ministry of Defense disclosed a third-party data breach exposing military personnel data 
Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606
Ransomware evolves from mere extortion to ‘psychological attacks’
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!