CVE-2023-38203

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 20, 2023

Updated: Jan 9, 2024

CWE ID 502

Summary

CVE-2023-38203 is adeserialization vulnerability affecting Adobe ColdFusion versions 2018u17 and earlier, 2021u7 and earlier, and 2023u1 and earlier. This issue enables an attacker to execute arbitrary code without user interaction, by deserializing untrusted data. The vulnerability can lead to serious security consequences, including system compromise and data theft. It is essential for users to update their Adobe ColdFusion installations as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Adobe ColdFusion

Affected Vendors

Adobe

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r-y89d
https://www.cve.org/CVERecord?id=CVE-2023-38203
https://nvd.nist.gov/vuln/detail/CVE-2023-38203

Back to Vulnerability Database