all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Adobe ColdFusion Deserialization of Untrusted Data Vulnerabilities (CVE-2023-26359, CVE-2023-26360)

Add to bookmarks
Aug. 24, 2023, 7:13 p.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

What is Adobe ColdFusion?





Adobe ColdFusion is a commercial rapid web-application and mobile applications development platform.








What is the Attack?




CVE-2023-26359 and CVE-2023-26360 are deserialization of untrusted data vulnerabilities that affect Adobe ColdFusion. Successful exploitation of the vulnerabilities could allow unauthenticated attackers to achieve arbitrary code execution.

CVE-2023-26359 has a CVSS score of 9.8 and is rated critical by Adobe. CVE-2023-26360 has a CVSS score of 8.6 and is rated critical by Adobe.






Why is this Significant?




This is significant …

adobe adobe coldfusion application applications attack attackers code code execution coldfusion commercial cve cve-2023-26359 cve-2023-26360 cvss data deserialization development exploitation mobile mobile applications platform rapid unauthenticated untrusted vulnerabilities web what is

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

Google Chromium in Visuals Use-After-Free Vulnerability (CVE-2024-4671) 4 days, 18 hours ago | fortiguard.fortinet.com
browser can chrome chromium +15
GitLab Password Reset Vulnerability (CVE-2023-7028) 1 week ago | fortiguard.fortinet.com
account administrator attacker cisa +23
Tinyproxy use-after-free Vulnerability (CVE-2023-49606) 1 week, 2 days ago | fortiguard.fortinet.com
actor arbitrary code can code +21
ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) 1 week, 4 days ago | fortiguard.fortinet.com
access advisory application attackers +29
Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315) 2 weeks, 3 days ago | fortiguard.fortinet.com
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) 2 weeks, 4 days ago | fortiguard.fortinet.com
attackers attacks cisa cisa known exploited vulnerabilities +27
ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359) 3 weeks, 3 days ago | fortiguard.fortinet.com
adaptive security advisory april arcanedoor +22
Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259) 3 weeks, 3 days ago | fortiguard.fortinet.com
access advisory akira akira ransomware +17
PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400) 1 month ago | fortiguard.fortinet.com
advisory attack code code injection +27

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Security Operations Manager-West Coast

@ The Walt Disney Company | USA - CA - 2500 Broadway Street
View on infosec-jobs.com

Vulnerability Analyst - Remote (WFH)

@ Cognitive Medical Systems | Phoenix, AZ, US | Oak Ridge, TN, US | Austin, TX, US | Oregon, US | Austin, TX, US
View on infosec-jobs.com

Senior Mainframe Security Administrator

@ Danske Bank | Copenhagen V, Denmark
View on infosec-jobs.com