Severity
High
Analysis Summary
CVE-2023-29300 CVSS:9.8
Adobe ColdFusion could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-38203 CVSS:9.8
Adobe ColdFusion could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system.
Payload:
Impact
- Code Execution
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-29300
- CVE-2023-38203
Affected Vendors
Adobe
Affected Products
- Adobe ColdFusion 2018 Update 16
- Adobe ColdFusion 2021 Update 6
- Adobe ColdFusion 2023 GA Release (2023.0.0.330468)
- Adobe ColdFusion 2023 Update 1
- Adobe ColdFusion 2018 Update 17
- Adobe ColdFusion 2021 Update 7
Remediation
Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.