[unable to retrieve full-text content]CISA warns govt agencies to patch Adobe ColdFusion servers  BleepingComputer Source link

[unable to retrieve full-text content]Adobe out-of-band update addresses an actively exploited …  Security Affairs Source link

[unable to retrieve full-text content]Adobe fixes patch bypass for exploited ColdFusion CVE-2023-29298 flaw  BleepingComputer Source link

[unable to retrieve full-text content]Critical Adobe ColdFusion flaws chained in ongoing cyber attacks  ComputerWeekly.com Source link

[unable to retrieve full-text content]Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203)  Help Net Security Source link

Two vulnerabilities in the Adobe ColdFusion platform are being actively exploited by threat actors in a series of cyber attacks, apparently after a proof of concept (PoC) for one of them was accidentally released to the public by researchers. The two vulnerabilities in question are CVE-2023-29298, an access control bypass flaw, and CVE-2023-38203, a remote code execution flaw, and together they seem to be being used to drop web shells on vulnerable ColdFusion instances in the service of enabling further attacks. However, according to Caitlin Condon of Rapid7, who has been tracking the vulnerabilities and posted new evidence detailing the exploit chain being used late on Monday 17 July, some confusion seems to have arisen over exactly what is going on. The background to the issue… Source link

[unable to retrieve full-text content]Multiple Adobe ColdFusion flaws exploited in the wild  TechTarget Source link

[unable to retrieve full-text content]Two New Adobe ColdFusion Vulnerabilities Exploited in Attacks  SecurityWeek Source link

[unable to retrieve full-text content]New Vulnerabilities Found in Adobe ColdFusion  Infosecurity Magazine Source link

[unable to retrieve full-text content]Adobe Fixes Critical ColdFusion Flaw | Decipher  Duo Security Source link