CVE-2023-26359

Warnung

EPSS 86.79%
Veröffentlicht 23.03.2023 20:15:15
Zuletzt bearbeitet 23.10.2025 11:12:54
Quelle psirt@adobe.com
CVE-Watchlists
Login
Unerledigt
Login

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Coldfusion Version2018 Update-

Adobe ≫ Coldfusion Version2018 Updateupdate1

Adobe ≫ Coldfusion Version2018 Updateupdate10

Adobe ≫ Coldfusion Version2018 Updateupdate11

Adobe ≫ Coldfusion Version2018 Updateupdate12

Adobe ≫ Coldfusion Version2018 Updateupdate13

Adobe ≫ Coldfusion Version2018 Updateupdate14

Adobe ≫ Coldfusion Version2018 Updateupdate15

Adobe ≫ Coldfusion Version2018 Updateupdate2

Adobe ≫ Coldfusion Version2018 Updateupdate3

Adobe ≫ Coldfusion Version2018 Updateupdate4

Adobe ≫ Coldfusion Version2018 Updateupdate5

Adobe ≫ Coldfusion Version2018 Updateupdate6

Adobe ≫ Coldfusion Version2018 Updateupdate7

Adobe ≫ Coldfusion Version2018 Updateupdate8

Adobe ≫ Coldfusion Version2018 Updateupdate9

Adobe ≫ Coldfusion Version2021 Update-

Adobe ≫ Coldfusion Version2021 Updateupdate1

Adobe ≫ Coldfusion Version2021 Updateupdate2

Adobe ≫ Coldfusion Version2021 Updateupdate3

Adobe ≫ Coldfusion Version2021 Updateupdate4

Adobe ≫ Coldfusion Version2021 Updateupdate5

21.08.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Schwachstelle

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	86.79%	0.994

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@adobe.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

Patch

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-26359

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-26359

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-26359

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-26359

EUVD