March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert – Ursnif Banking Trojan aka Gozi – Active IOCs
March 17, 2023
Rewterz Threat Alert – Chaos Ransomware – Active IOCs
March 17, 2023
Rewterz Threat Alert – Ursnif Banking Trojan aka Gozi – Active IOCs
March 17, 2023
Rewterz Threat Alert – Chaos Ransomware – Active IOCs
March 17, 2023
Severity
High
Analysis Summary
CVE-2023-26361 CVSS:4.9
Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing directory traversal sequences to read arbitrary files on the system.
CVE-2023-26360 CVSS:8.6
Adobe ColdFusion could allow a remote attacker to obtain sensitive information, caused by improper access control. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-26359 CVSS:9.8
Adobe ColdFusion could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Information Disclosure
- Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2023-26361
- CVE-2023-26360
- CVE-2023-26359
Affected Vendors
Adobe
Affected Products
- Adobe ColdFusion 2018 Update 15
- Adobe ColdFusion 2021 Update 5
Remediation
Refer to Adobe Security Bulletin for patch, upgrade or suggested workaround information.