Adobe Releases Critical Security Updates

Adobe security updates address a critical vulnerability in Adobe ColdFusion

Threat ID:: CC-4358
Threat Severity:: Medium
Published:: 18 July 2023 11:52 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Adobe security updates address a critical vulnerability in Adobe ColdFusion

Affected platforms

The following platforms are known to be affected:

Versions: ColdFusion 2018 - 17 and earlier, ColdFusion 2021 - 7 and earlier, ColdFusion 2023 - 1 and earlier

Adobe ColdFusion

ColdFusion 2018
ColdFusion 2021
ColdFusion 2023

Threat details

Introduction

Adobe has released security updates to address a Critical vulnerability known as CVE-2023-38203. An attacker could exploit this vulnerability to perform arbitrary code execution on an affected system.

Exploitation of CVE-2023-38203

Adobe are aware of a publicly available proof of concept exploiting CVE-2023-38203. The US Cybersecurity and Infrastructure Security Agency (CISA) have added CVE-2023-38203 to their Known Exploited Vulnerability Catalog based on evidence of active exploitation in the wild.

Threat updates

Date	Update
9 Jan 2024	Added to CISA's Known Exploited Vulnerability Catalog The US Cybersecurity and Infrastructure Security Agency (CISA) have added CVE-2023-22518 to their Known Exploited Vulnerability Catalog based on evidence of active exploitation in the wild.

Remediation advice

Organisations are encouraged to review the Adobe security advisory for Adobe ColdFusion and apply the relevant updates.

Remediation steps

Type	Step
Patch	Security update available for Adobe ColdFusion \| APSB23-41 https://helpx.adobe.com/security/products/coldfusion/apsb23-41.html

Definitive source of threat updates

CVE Vulnerabilities

Status Reserved

CVE-2023-38203

Last edited: 9 January 2024 12:16 pm