CVE-2023-29300

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 12, 2023

Updated: Jan 9, 2024

CWE ID 502

Summary

CVE-2023-29300 is a deserialization vulnerability affecting Adobe ColdFusion versions 2018u16 and earlier, 2021u6 and earlier, and 2023.0.0.330468 and earlier. This issue allows attackers to execute arbitrary code without requiring user interaction. Exploitation occurs when the software deserializes untrusted data, resulting in code execution with the privileges of the affected application. Users are urged to update to the latest version of Adobe ColdFusion as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Adobe ColdFusion

Affected Vendors

Adobe

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r9L8QE
https://www.cve.org/CVERecord?id=CVE-2023-29300
https://nvd.nist.gov/vuln/detail/CVE-2023-29300

Back to Vulnerability Database