CVE-2023-26360 Report - Details, Severity, & Advisories

Twingate Team

Jan 25, 2024

CVE-2023-26360 is a critical vulnerability affecting Adobe ColdFusion versions 2018 and 2021, with a severity score of 9.8. This security issue allows for improper access control, potentially leading to arbitrary code execution without user interaction. The vulnerability impacts various configurations of Adobe ColdFusion software, posing a significant risk to affected systems. For those not familiar with vulnerabilities, this means that attackers could exploit this weakness to gain unauthorized access and control over the targeted systems.

How do I know if I'm affected?

To determine if you're affected by the vulnerability, check if you're using Adobe ColdFusion versions 2018 Update 15 and earlier, or 2021 Update 5 and earlier. These versions are impacted by an Improper Access Control vulnerability that could lead to arbitrary code execution without user interaction. Keep in mind that this vulnerability is related to Adobe ColdFusion and not Apple products.

What should I do if I'm affected?

If you're affected by the vulnerability, immediately update your Adobe ColdFusion to the latest version: Update 16 for ColdFusion 2018 or Update 6 for ColdFusion 2021. Also, update the ColdFusion JDK/JRE and apply security configuration settings as outlined on the Adobe ColdFusion Security page. Review the respective Lockdown guides for additional security measures.
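A triage sketch for the version check and upgrade targets described above, as an added example that is not Twingate's or Adobe's code. The `host version` inventory format and the comma-separated version-string layout are assumptions, and the hostnames and build numbers are constructed placeholders.

```python
import re
from typing import NamedTuple, Optional

# Ranges from the text above: last affected update and the update that fixes it.
LAST_AFFECTED = {2018: 15, 2021: 5}
FIRST_FIXED = {2018: 16, 2021: 6}

# Assumed layout of a reported version string: "<release>,<minor>,<update>,<build>".
VERSION_RE = re.compile(r"^\s*(\d{4})\s*,\s*\d+\s*,\s*(\d+)\s*,\s*\d+\s*$")


class Finding(NamedTuple):
    host: str
    status: str            # affected | patched | unlisted | unparsed
    action: Optional[str]  # what to do next, when something is needed


def classify(host: str, version: str) -> Finding:
    """Classify one host against the CVE-2023-26360 ranges stated on this page."""
    m = VERSION_RE.match(version)
    if not m:
        # Never treat an unreadable version as safe; send it for manual review.
        return Finding(host, "unparsed", "verify version manually")
    release, update = int(m.group(1)), int(m.group(2))
    if release not in LAST_AFFECTED:
        # The page only gives ranges for ColdFusion 2018 and 2021.
        return Finding(host, "unlisted", "check the vendor advisory for this release")
    if update <= LAST_AFFECTED[release]:
        return Finding(host, "affected",
                       f"update to ColdFusion {release} Update {FIRST_FIXED[release]}")
    return Finding(host, "patched", None)


def triage(inventory: str) -> list:
    """Parse 'host version' lines, skipping blanks and # comments."""
    rows = (line.strip() for line in inventory.splitlines())
    return [classify(*r.partition(" ")[::2])
            for r in rows if r and not r.startswith("#")]


# Constructed inventory: hostnames are made up, build numbers are placeholders.
SAMPLE = """\
cf-app-01 2018,0,15,000000
cf-app-02 2018,0,16,000000
cf-app-03 2021,0,05,000000
cf-app-04 2021,0,06,000000
cf-app-05 2023,0,0,000000
cf-app-06 unknown
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.host:10} {f.status:9} {f.action or '-'}")
```

Hosts reported as `unparsed` or `unlisted` are deliberately not counted as safe; they need a manual check against the vendor advisory.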

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, the CVE-2023-26360 vulnerability is in CISA's Known Exploited Vulnerabilities Catalog. It's called Adobe ColdFusion Deserialization of Untrusted Data Vulnerability and was added on March 15, 2023. The due date for taking action is April 5, 2023, and the required action is to apply updates according to vendor instructions.

Weakness enumeration

The vulnerability is associated with CWE-284 (Improper Access Control), which can lead to unauthorized access and control over affected systems.

For more details

CVE-2023-26360 is a critical vulnerability affecting Adobe ColdFusion, with severe consequences if exploited. Our analysis of various sources, including the NVD page, provides a comprehensive understanding of the issue. For more information about the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.

