Exploitation of ColdFusion Vulnerability Reported as Adobe Patches Another Critical Flaw

17-Jul-23

On Friday, Adobe released remedies for a severe ColdFusion vulnerability that could be used to execute arbitrary code. The vulnerability is identified as “deserialization of untrusted data” in ColdFusion versions 2023, 2021, and 2018 and is tracked as CVE-2023-38203 (CVSS score of 9.8).

This often enables an attacker to deliver specially crafted data and start arbitrary code execution, which may compromise the entire system.x000D Adobe claims that details about how this vulnerability might be exploited in attacks have been posted online.

Read More…