Skip to main content

Adobe ColdFusion Remote Code Execution Vulnerability

Release Date: 18 Jul 2023 4669 Views

RISK: High Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

A vulnerability was identified in Adobe ColdFusion. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note:

Proof Of Concept Exploit Code Is Publicly Available for CVE-2023-38203.


Impact

  • Remote Code Execution

System / Technologies affected

  • ColdFusion 2018 - Update 17 and earlier versions
  • ColdFusion 2021 - Update 7 and earlier versions
  • ColdFusion 2023 - Update 1 and earlier versions

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 
Apply fixes issued by the vendor:

Vulnerability Identifier


Source


Related Link