← Retour aux CVEs

CVE-2023-26360

HIGHCISA KEV

8.6

Description

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

Details CVE

Score CVSS v3.18.6

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie3/23/2023

Derniere modification10/23/2025

Sourcekev

Observations honeypot0

CISA KEV

FournisseurAdobe

ProduitColdFusion

Nom vulnerabiliteAdobe ColdFusion Deserialization of Untrusted Data Vulnerability

Date ajout KEV2023-03-15

Date limite remediation2023-04-05

Utilise dans ransomwareUnknown

Produits affectes

adobe:coldfusion

Faiblesses (CWE)

CWE-284

References

http://packetstormsecurity.com/files/172079/Adobe-ColdFusion-Unauthenticated-Remote-Code-Execution.html(psirt@adobe.com)

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html(psirt@adobe.com)

http://packetstormsecurity.com/files/172079/Adobe-ColdFusion-Unauthenticated-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-26360(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.