all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203)

Add to bookmarks
July 18, 2023, 2:06 p.m. | Zeljka Zorz

Help Net Security www.helpnetsecurity.com

Attackers are exploiting two Adobe ColdFusion vulnerabilities (CVE-2023-29298, CVE-2023-38203) to breach servers and install web shells to enable persistent access and allow remote control of the system, according to Rapid7 researchers. Flaws with incomplete fixes On July 11, 2023, Adobe released security updates for ColdFusion versions  2023, 2021 and  2018 containing fixes for three vulnerabilities: CVE-2023-29298, a critical improper access control flaw that could allow attackers to bypass a security feature (reported by Rapid7’s Stephen … More


The post …

0 day access adobe adobe coldfusion attackers breach coldfusion control cve don't miss enable exploit exploited exploiting fixes flaws hot stuff install july persistent project discovery rapid7 remote control researchers security security update security updates servers shells system updates vulnerabilities vulnerability web

Visit resource

More from www.helpnetsecurity.com / Help Net Security

Synopsys Polaris Assist automates repetitive, time-consuming tasks for security and development teams an hour ago | www.helpnetsecurity.com
ai-powered application application security assistant +30
FCC fines major wireless carriers over illegal location data sharing an hour ago | www.helpnetsecurity.com
access att carriers communications +26
Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades an hour ago | www.helpnetsecurity.com
alto attackers aware concept +24
Cybersixgill Third-Party Intelligence module identifies potential supply chain risks 2 hours ago | www.helpnetsecurity.com
action cyber cybersecurity cybersixgill +25
ESET launches two MDR subscription tiers for SMBs and enterprises 4 hours ago | www.helpnetsecurity.com
and response businesses detection detection and response +15
ThreatX provides always-active API security from development to runtime 5 hours ago | www.helpnetsecurity.com
api api security application application protection +19
CyberQP unveils solutions to help MSPs proactively prevent security incidents 5 hours ago | www.helpnetsecurity.com
account api capabilities cyberqp +16
Triangulation fraud: The costly scam hitting online retailers 9 hours ago | www.helpnetsecurity.com
ai-powered america artificial intelligence attacks +33
Tracecat: Open-source SOAR 9 hours ago | www.helpnetsecurity.com
ai models alerts automation best practices +20

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Engineer

@ Commit | San Francisco
View on infosec-jobs.com

Trainee (m/w/d) Security Engineering CTO Taskforce Team

@ CHECK24 | Berlin, Germany
View on infosec-jobs.com

Security Engineer

@ EY | Nicosia, CY, 1087
View on infosec-jobs.com

Information System Security Officer (ISSO) Level 3-COMM Job#455

@ Allen Integrated Solutions | Chantilly, Virginia, United States
View on infosec-jobs.com

Application Security Engineer

@ Wise | London, United Kingdom
View on infosec-jobs.com
View more jobs