← Zuruck zu CVEs

CVE-2023-26360

HIGHCISA KEV

8.6

Beschreibung

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

CVE Details

CVSS v3.1 Bewertung8.6

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht3/23/2023

Zuletzt geandert10/23/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerAdobe

ProduktColdFusion

SchwachstellennameAdobe ColdFusion Deserialization of Untrusted Data Vulnerability

KEV Aufnahmedatum2023-03-15

Behebungsfrist2023-04-05

Ransomware-NutzungUnknown

Betroffene Produkte

adobe:coldfusion

Schwachen (CWE)

CWE-284

Referenzen

http://packetstormsecurity.com/files/172079/Adobe-ColdFusion-Unauthenticated-Remote-Code-Execution.html(psirt@adobe.com)

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html(psirt@adobe.com)

http://packetstormsecurity.com/files/172079/Adobe-ColdFusion-Unauthenticated-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-26360(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.