CVE-2023-38203

Warnung

EPSS 94.26%
Veröffentlicht 20.07.2023 16:15:12
Zuletzt bearbeitet 23.10.2025 11:13:14
Quelle psirt@adobe.com
CVE-Watchlists
Login
Unerledigt
Login

Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Coldfusion Version2018 Update-

Adobe ≫ Coldfusion Version2018 Updateupdate1

Adobe ≫ Coldfusion Version2018 Updateupdate10

Adobe ≫ Coldfusion Version2018 Updateupdate11

Adobe ≫ Coldfusion Version2018 Updateupdate12

Adobe ≫ Coldfusion Version2018 Updateupdate13

Adobe ≫ Coldfusion Version2018 Updateupdate14

Adobe ≫ Coldfusion Version2018 Updateupdate15

Adobe ≫ Coldfusion Version2018 Updateupdate16

Adobe ≫ Coldfusion Version2018 Updateupdate17

Adobe ≫ Coldfusion Version2018 Updateupdate2

Adobe ≫ Coldfusion Version2018 Updateupdate3

Adobe ≫ Coldfusion Version2018 Updateupdate4

Adobe ≫ Coldfusion Version2018 Updateupdate5

Adobe ≫ Coldfusion Version2018 Updateupdate6

Adobe ≫ Coldfusion Version2018 Updateupdate7

Adobe ≫ Coldfusion Version2018 Updateupdate8

Adobe ≫ Coldfusion Version2018 Updateupdate9

Adobe ≫ Coldfusion Version2021 Update-

Adobe ≫ Coldfusion Version2021 Updateupdate1

Adobe ≫ Coldfusion Version2021 Updateupdate2

Adobe ≫ Coldfusion Version2021 Updateupdate3

Adobe ≫ Coldfusion Version2021 Updateupdate4

Adobe ≫ Coldfusion Version2021 Updateupdate5

Adobe ≫ Coldfusion Version2021 Updateupdate6

Adobe ≫ Coldfusion Version2021 Updateupdate7

Adobe ≫ Coldfusion Version2023 Update-

Adobe ≫ Coldfusion Version2023 Updateupdate1

08.01.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Schwachstelle

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.26%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@adobe.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://helpx.adobe.com/security/products/coldfusion/apsb23-41.html

Patch

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38203

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-38203

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-38203

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-38203

EUVD