CVE-2023-26360

Warnung

Exploit

EPSS 94.33%
Veröffentlicht 23.03.2023 20:15:15
Zuletzt bearbeitet 23.10.2025 11:12:47
Quelle psirt@adobe.com
CVE-Watchlists
Login
Unerledigt
Login

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Coldfusion Version2018 Update-

Adobe ≫ Coldfusion Version2018 Updateupdate1

Adobe ≫ Coldfusion Version2018 Updateupdate10

Adobe ≫ Coldfusion Version2018 Updateupdate11

Adobe ≫ Coldfusion Version2018 Updateupdate12

Adobe ≫ Coldfusion Version2018 Updateupdate13

Adobe ≫ Coldfusion Version2018 Updateupdate14

Adobe ≫ Coldfusion Version2018 Updateupdate15

Adobe ≫ Coldfusion Version2018 Updateupdate2

Adobe ≫ Coldfusion Version2018 Updateupdate3

Adobe ≫ Coldfusion Version2018 Updateupdate4

Adobe ≫ Coldfusion Version2018 Updateupdate5

Adobe ≫ Coldfusion Version2018 Updateupdate6

Adobe ≫ Coldfusion Version2018 Updateupdate7

Adobe ≫ Coldfusion Version2018 Updateupdate8

Adobe ≫ Coldfusion Version2018 Updateupdate9

Adobe ≫ Coldfusion Version2021 Update-

Adobe ≫ Coldfusion Version2021 Updateupdate1

Adobe ≫ Coldfusion Version2021 Updateupdate2

Adobe ≫ Coldfusion Version2021 Updateupdate3

Adobe ≫ Coldfusion Version2021 Updateupdate4

Adobe ≫ Coldfusion Version2021 Updateupdate5

15.03.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Schwachstelle

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.33%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@adobe.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

Patch

Vendor Advisory

http://packetstormsecurity.com/files/172079/Adobe-ColdFusion-Unauthenticated-Remote-Code-Execution.html

Third Party Advisory

Exploit

VDB Entry

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-26360

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-26360

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-26360

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-26360

EUVD