Security News > 2023 > July > Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability
Adobe has released a fresh round of updates to address an incomplete fix for a recently disclosed ColdFusion flaw that has come under active exploitation in the wild.
The critical shortcoming, tracked as CVE-2023-38205, has been described as an instance of improper access control that could result in a security bypass.
"Adobe is aware that CVE-2023-38205 has been exploited in the wild in limited attacks targeting Adobe ColdFusion," the company said.
The cybersecurity firm has confirmed that the new patch completely plugs the security hole.
CVE-2023-29298, an access control bypass vulnerability, has been weaponized in real-world attacks by chaining it with another flaw that's suspected to be CVE-2023-38203 to drop web shells on compromised systems for backdoor access.
Adobe ColdFusion users are highly recommended to update their installations to the latest version to mitigate potential threats.
News URL
https://thehackernews.com/2023/07/adobe-rolls-out-new-patches-for.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-14 | CVE-2023-38205 | Unspecified vulnerability in Adobe Coldfusion 2018/2021/2023 Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 0.0 |
2023-07-20 | CVE-2023-38203 | Unspecified vulnerability in Adobe Coldfusion 2018/2021/2023 Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. | 0.0 |
2023-07-12 | CVE-2023-29298 | Unspecified vulnerability in Adobe Coldfusion 2018/2021/2023 Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 7.5 |