Security News > 2023 > August > Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog
The U.S. Cybersecurity and Infrastructure Security Agency has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation.
The vulnerability, cataloged as CVE-2023-26359, relates to a deserialization flaw present in Adobe ColdFusion 2018 and ColdFusion 2021 that could result in arbitrary code execution in the context of the current user without requiring any interaction.
It was patched by Adobe as part of updates issued in March 2023.
As of writing, it's immediately not clear how the flaw is being abused in the wild.
That said, the development comes more than five months after CISA placed another flaw impacting the same product to the KEV catalog.
Adobe said it's aware of the weakness being exploited in "Very limited attacks" aimed at ColdFusion.
News URL
https://thehackernews.com/2023/08/critical-adobe-coldfusion-flaw-added-to.html
Related news
- Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability (source)
- VMware fixes critical vCenter RCE vulnerability, patch now (source)
- Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool (source)
- CISA: Most critical open source projects not using memory safe code (source)
- Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application (source)
- GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others (source)
- Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack (source)
- Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments (source)
- Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929) (source)
- CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks (source)