CVE-2023-26359: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
First published: Thu Mar 23 2023(Updated: )
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Credit: psirt@adobe.com psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe ColdFusion | =2018 | |
| Adobe ColdFusion | =2018-update1 | |
| Adobe ColdFusion | =2018-update10 | |
| Adobe ColdFusion | =2018-update11 | |
| Adobe ColdFusion | =2018-update12 | |
| Adobe ColdFusion | =2018-update13 | |
| Adobe ColdFusion | =2018-update14 | |
| Adobe ColdFusion | =2018-update15 | |
| Adobe ColdFusion | =2018-update2 | |
| Adobe ColdFusion | =2018-update3 | |
| Adobe ColdFusion | =2018-update4 | |
| Adobe ColdFusion | =2018-update5 | |
| Adobe ColdFusion | =2018-update6 | |
| Adobe ColdFusion | =2018-update7 | |
| Adobe ColdFusion | =2018-update8 | |
| Adobe ColdFusion | =2018-update9 | |
| Adobe ColdFusion | =2021 | |
| Adobe ColdFusion | =2021-update1 | |
| Adobe ColdFusion | =2021-update2 | |
| Adobe ColdFusion | =2021-update3 | |
| Adobe ColdFusion | =2021-update4 | |
| Adobe ColdFusion | =2021-update5 | |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-26359?
CVE-2023-26359 is a vulnerability in Adobe ColdFusion that allows for code execution by exploiting the deserialization of untrusted data.
How does the Adobe ColdFusion Deserialization of Untrusted Data Vulnerability work?
The vulnerability occurs due to a flaw in the deserialization process of untrusted data, allowing an attacker to execute arbitrary code in the context of the current user.
What is the severity of CVE-2023-26359?
CVE-2023-26359 has a severity rating of critical.
How can I fix the Adobe ColdFusion Deserialization of Untrusted Data Vulnerability?
To fix the vulnerability, Adobe has released a security update. It is recommended to update to the latest version of Adobe ColdFusion as soon as possible.
Where can I find more information about CVE-2023-26359?
You can find more information about CVE-2023-26359 on Adobe's official security bulletin at the following link: <a href='https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html'>https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html</a>
- collector/nvd-index
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/description
- agent/title
- agent/author
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/tags
- collector/nvd-cve
- source/NVD
- vendor/adobe
- canonical/adobe coldfusion
- version/adobe coldfusion/2018
- version/adobe coldfusion/2018-update1
- version/adobe coldfusion/2018-update10
- version/adobe coldfusion/2018-update11
- version/adobe coldfusion/2018-update12
- version/adobe coldfusion/2018-update13
- version/adobe coldfusion/2018-update14
- version/adobe coldfusion/2018-update15
- version/adobe coldfusion/2018-update2
- version/adobe coldfusion/2018-update3
- version/adobe coldfusion/2018-update4
- version/adobe coldfusion/2018-update5
- version/adobe coldfusion/2018-update6
- version/adobe coldfusion/2018-update7
- version/adobe coldfusion/2018-update8
- version/adobe coldfusion/2018-update9
- version/adobe coldfusion/2021
- version/adobe coldfusion/2021-update1
- version/adobe coldfusion/2021-update2
- version/adobe coldfusion/2021-update3
- version/adobe coldfusion/2021-update4
- version/adobe coldfusion/2021-update5