
ColdFusion Vulnerability Actively Attacked

Take action: If you haven't already patched Adobe ColdFusion, do it immediately. Also conduct an in-depth review of your ColdFusion servers and related infrastructure for indicators of exploitation.



Malicious groups are exploiting a vulnerability in Adobe ColdFusion, a web application platform, in active hacking campaigns.

The exploited vulnerability is CVE-2023-26359 (CVSS3 score 9.8). It stems from a data deserialization error, a critical concern for a web application platform like ColdFusion. Adobe specifies that an attacker can exploit this vulnerability remotely without requiring any form of authorization. Successful exploitation could potentially enable remote code execution without any user interaction.

Adobe released an update to address the vulnerability in March. For ColdFusion 2018, the bug is fixed by installing Update 16; for ColdFusion 2021, it is fixed by Update 6. Adobe also notes that a Java Development Kit (JDK) update is necessary for a complete resolution.
