all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Adobe ColdFusion Deserialization of Untrusted Data Vulnerabilities (CVE-2023-26359, CVE-2023-26360)

Add to bookmarks
Aug. 24, 2023, 7:13 p.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

What is Adobe ColdFusion?





Adobe ColdFusion is a commercial rapid web-application and mobile applications development platform.








What is the Attack?




CVE-2023-26359 and CVE-2023-26360 are deserialization of untrusted data vulnerabilities that affect Adobe ColdFusion. Successful exploitation of the vulnerabilities could allow unauthenticated attackers to achieve arbitrary code execution.

CVE-2023-26359 has a CVSS score of 9.8 and is rated critical by Adobe. CVE-2023-26360 has a CVSS score of 8.6 and is rated critical by Adobe.






Why is this Significant?




This is significant …

adobe adobe coldfusion application applications attack attackers code code execution coldfusion commercial cve cve-2023-26359 cve-2023-26360 cvss data deserialization development exploitation mobile mobile applications platform rapid unauthenticated untrusted vulnerabilities web what is

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

GitLab Password Reset Vulnerability (CVE-2023-7028) 1 day, 3 hours ago | fortiguard.fortinet.com
account administrator attacker cisa +23
Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315) 2 days, 3 hours ago | fortiguard.fortinet.com
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) 3 days, 7 hours ago | fortiguard.fortinet.com
attackers attacks cisa cisa known exploited vulnerabilities +27
ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359) 1 week, 2 days ago | fortiguard.fortinet.com
adaptive security advisory april arcanedoor +22
Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259) 1 week, 2 days ago | fortiguard.fortinet.com
access advisory akira akira ransomware +17
PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400) 2 weeks, 4 days ago | fortiguard.fortinet.com
advisory attack code code injection +27
XZ Utils Supply Chain Attack (CVE-2024-3094) 1 month ago | fortiguard.fortinet.com
attack code compression cve +25
Nice Linear eMerge Command Injection Vulnerability (CVE-2019–7256) 1 month ago | fortiguard.fortinet.com
access attacker code code execution +25
Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897) 1 month, 1 week ago | fortiguard.fortinet.com
access application application developers attackers +31

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Specialist, Forsah Technical and Vocational Education and Training (Forsah TVET) (NEW)

@ IREX | Ramallah, West Bank, Palestinian National Authority
View on infosec-jobs.com

Consultant(e) Junior Cybersécurité

@ Sia Partners | Paris, France
View on infosec-jobs.com

Senior Network Security Engineer

@ NielsenIQ | Mexico City, Mexico
View on infosec-jobs.com

Senior Consultant, Payment Intelligence

@ Visa | Washington, DC, United States
View on infosec-jobs.com

Corporate Counsel, Compliance

@ Okta | San Francisco, CA; Bellevue, WA; Chicago, IL; New York City; Washington, DC; Austin, TX
View on infosec-jobs.com

Security Operations Engineer

@ Samsara | Remote - US
View on infosec-jobs.com
View more jobs