Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers

Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers

Dec 06, 2023NewsroomVulnerability / Web Server Security

Adobe ColdFusion Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers.

“The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution,” CISA said, adding an unnamed federal agency was targeted between June and July 2023.

The shortcoming affects ColdFusion 2018 (Update 15 and earlier versions) and ColdFusion 2021 (Update 5 and earlier versions). It has been addressed in versions Update 16 and Update 6, respectively, released on March 14, 2023.

Cybersecurity

It was added by CISA to the Known…


Source link

About coldfusion

Check Also

Department of Energy To Revisit Cold Fusion – Space Daily

Department of Energy To Revisit Cold Fusion – Space Daily

[unable to retrieve full-text content]Department of Energy To Revisit Cold Fusion  Space Daily Source link

Leave a Reply

Your email address will not be published. Required fields are marked *