CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)

CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)

Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared.

CVE-2023-26360 government servers

About the exploited vulnerability

CVE-2023-26360 is a deserialization of untrusted data vulnerability that could lead to arbitrary code execution.

Adobe disclosed and fixed the flaw in mid-March 2023, and said that it was “aware that CVE-2023-26360 has been exploited in the wild in very limited attacks”.

CVE-2023-26360 affected Adobe ColdFusion versions 2021, 2018, 2016 and 11, but Adobe provided patches only for the former two, as ColdFusion 2016 and 11 had previously reached the end of their (product) lifecycle.

CISA added the…


Source link

About coldfusion

Check Also

Department of Energy To Revisit Cold Fusion – Space Daily

Department of Energy To Revisit Cold Fusion – Space Daily

[unable to retrieve full-text content]Department of Energy To Revisit Cold Fusion  Space Daily Source link

Leave a Reply

Your email address will not be published. Required fields are marked *