Thursday, March 16, 2023

Adobe ColdFusion Vulnerability Exploited in the Wild


Mar 16, 2023 | Ravie Lakshmanan | Zero-Day / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The critical flaw in question is CVE-2023-26360 (CVSS score: 8.6), which could be exploited by a threat actor to achieve arbitrary code execution.

“Adobe ColdFusion contains an improper access control vulnerability that allows for remote code execution,” CISA said.

The vulnerability affects ColdFusion 2018 (Update 15 and earlier versions) and ColdFusion 2021 (Update 5 and earlier versions). It has been addressed in Update 16 and Update 6, respectively, released on March 14, 2023.

It's worth noting that CVE-2023-26360 also affects ColdFusion 2016 and ColdFusion 11 installations, but these are not supported by the software company, as they have reached end-of-life (EoL).

While the exact details surrounding the nature of the attacks are unknown, Adobe said in an advisory that it is aware of the flaw being “exploited in the wild in very limited attacks.”

Federal Civilian Executive Branch (FCEB) agencies are required to apply the updates by April 5, 2023, to safeguard their networks against potential threats.

Charlie Arehart, a security researcher credited with discovering and reporting the flaw alongside Pete Freitag, described it as a “grave” issue that could result in “arbitrary code execution” and “arbitrary file system read.”
