Security News > 2023 > December > Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
2023-12-06 10:10
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. "The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution,"
News URL
https://thehackernews.com/2023/12/hackers-exploited-coldfusion.html
Related news
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (source)
- HPE investigates breach as hacker claims to steal source code (source)
- CISA: Hackers still exploiting older Ivanti bugs to breach networks (source)
- Hackers exploiting flaws in SimpleHelp RMM to breach networks (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-23 | CVE-2023-26360 | Unspecified vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. | 8.6 |