Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers

Dec 06, 2023NewsroomVulnerability / Web Server Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. “The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution,” CISA said, adding an unnamed federal agency was targeted between June and July 2023. The shortcoming affects ColdFusion 2018 (Update 15 and earlier versions) and ColdFusion 2021 (Update 5 and earlier versions). It has been addressed in versions Update 16 and Update 6, respectively, released on March 14, 2023. It was added by CISA to the Known… Source link

Unpatched Adobe ColdFusion bug led to double breach of US federal agency

Threat actors abused a known Adobe ColdFusion bug to carry out two attacks on a U.S. federal agency’s systems two months after a mandated deadline to mitigate the vulnerability had passed. The incident was disclosed in a Dec. 5 cybersecurity advisory published by the Cybersecurity and Infrastructure Security Agency (CISA) which did not name the federal civilian executive branch (FCEB) agency involved. The attacks — carried out by either one or two unknown threat groups — exploited CVE-2023-26360, an improper access control vulnerability that can result in arbitrary code execution. The bug affects versions of ColdFusion 2018 prior to Update 16 and ColdFusion 2021 prior to Update 6. It also affects two older versions of the web-application development software which are no longer…

Hackers breach US govt agencies using Adobe ColdFusion exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. The security issue allows executing arbitrary code on servers running Adobe ColdFusion 2018 Update 15 and older, and 2021 Update 5 and earlier. It was exploited as a zero day before Adobe fixed it in mid-March by releasing ColdFusion 2018 Update 16 and 2021 Update 6. At the time, CISA published a notice about threat actors exploiting the flaw and urged federal organizations and state services to apply the available security updates. In an alert today, America’s Cyber Defense Agency warns that CVE-2023-26360 is still leveraged in attacks, showcasing…
