CVE-2023-38203

CISA Known Exploited Vulnerability (KEV)

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

January 8, 2024

January 29, 2024

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

Weakness Enumeration

CWE-ID: CWE-502
CWE Name: Deserialization of Untrusted Data

Details

Source:
NVD
Published:
Updated:

Risk information

CVSS v3

Base score: 9.8
Severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined