Adobe ColdFusion Access Control Bypass (CVE-2023-26347, CVE-2023-38205)
Jan. 16, 2024, 3:37 a.m. | FortiGuard Labs | FortiGuard Center - Threat Signal Report | fortiguard.fortinet.com
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by Improper Access Control vulnerabilities that could result in a security bypass. Exploitation of these vulnerabilities could give an attacker access to the ColdFusion Administrator endpoints for further attacks.
What is the Vendor Solution?
Adobe released patches for the security bypass flaws in June 2023.
What FortiGuard Coverage is available?
FortiGuard Labs has an IPS signature "Adobe.ColdFusion.IPFilterUtils.Authentication.Bypass" to protect any exploitations …