CVE-2023-29300

Warnung

EPSS 93.8%
Veröffentlicht 12.07.2023 16:15:11
Zuletzt bearbeitet 23.10.2025 11:13:06
Quelle psirt@adobe.com
CVE-Watchlists
Login
Unerledigt
Login

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Coldfusion Version2018 Update-

Adobe ≫ Coldfusion Version2018 Updateupdate1

Adobe ≫ Coldfusion Version2018 Updateupdate10

Adobe ≫ Coldfusion Version2018 Updateupdate11

Adobe ≫ Coldfusion Version2018 Updateupdate12

Adobe ≫ Coldfusion Version2018 Updateupdate13

Adobe ≫ Coldfusion Version2018 Updateupdate14

Adobe ≫ Coldfusion Version2018 Updateupdate15

Adobe ≫ Coldfusion Version2018 Updateupdate16

Adobe ≫ Coldfusion Version2018 Updateupdate2

Adobe ≫ Coldfusion Version2018 Updateupdate3

Adobe ≫ Coldfusion Version2018 Updateupdate4

Adobe ≫ Coldfusion Version2018 Updateupdate5

Adobe ≫ Coldfusion Version2018 Updateupdate6

Adobe ≫ Coldfusion Version2018 Updateupdate7

Adobe ≫ Coldfusion Version2018 Updateupdate8

Adobe ≫ Coldfusion Version2018 Updateupdate9

Adobe ≫ Coldfusion Version2021 Update-

Adobe ≫ Coldfusion Version2021 Updateupdate1

Adobe ≫ Coldfusion Version2021 Updateupdate2

Adobe ≫ Coldfusion Version2021 Updateupdate3

Adobe ≫ Coldfusion Version2021 Updateupdate4

Adobe ≫ Coldfusion Version2021 Updateupdate5

Adobe ≫ Coldfusion Version2021 Updateupdate6

Adobe ≫ Coldfusion Version2023 Update-

08.01.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Schwachstelle

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	93.8%	0.998

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@adobe.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29300

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-29300

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-29300

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-29300

EUVD