Security News > 2023 > July > Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability

Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability
2023-07-20 03:31

Adobe has released a fresh round of updates to address an incomplete fix for a recently disclosed ColdFusion flaw that has come under active exploitation in the wild.

The critical shortcoming, tracked as CVE-2023-38205, has been described as an instance of improper access control that could result in a security bypass.

"Adobe is aware that CVE-2023-38205 has been exploited in the wild in limited attacks targeting Adobe ColdFusion," the company said.

The cybersecurity firm has confirmed that the new patch completely plugs the security hole.

CVE-2023-29298, an access control bypass vulnerability, has been weaponized in real-world attacks by chaining it with another flaw that's suspected to be CVE-2023-38203 to drop web shells on compromised systems for backdoor access.

Adobe ColdFusion users are highly recommended to update their installations to the latest version to mitigate potential threats.


News URL

https://thehackernews.com/2023/07/adobe-rolls-out-new-patches-for.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-09-14 CVE-2023-38205 Unspecified vulnerability in Adobe Coldfusion 2018/2021/2023
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
network
low complexity
adobe
7.5
7.5
2023-07-20 CVE-2023-38203 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021/2023
Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution.
network
low complexity
adobe CWE-502
critical
 9.8
9.8
2023-07-12 CVE-2023-29298 Unspecified vulnerability in Adobe Coldfusion 2018/2021
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
network
low complexity
adobe
7.5
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Adobe 166 68 2164 962 2112 5306