HB Ad Slot
HB Mobile Ad Slot
Patch Adobe ColdFusion Vulnerabilities Being Exploited in the Wild ASAP
Friday, July 21, 2023

Adobe has issued alerts on three vulnerabilities affecting its ColdFusion product. The first alert, issued on July 11, 2023, announced patches for CVE-2023-29298, an improper access control issue that can lead to a security feature bypass, and CVE-2023-29300, a deserialization issue that can be exploited for arbitrary code execution.

On July 14, Adobe announced patches for CVE-2023-38203, another deserialization issue that could lead to arbitrary code execution.

Adobe’s website states: “ColdFusion (2021 release) Update 9 (release date, 19 July, 2023) resolves critical vulnerabilities that could lead to improper access control and security feature bypass.” Adobe recommends that companies apply the patches contained in Update 9 to avoid exploitation of the vulnerabilities.

Security Week is reporting that despite patching, the vulnerabilities are still being exploited in the wild. Those who use ColdFusion should continue to monitor updates from Adobe in the event the vulnerabilities are still active and follow patching of these vulnerabilities closely.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins