CVE-2023-29300: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
First published: Wed Jul 12 2023(Updated: )
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
Credit: psirt@adobe.com psirt@adobe.com psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe ColdFusion | =2018 | |
| Adobe ColdFusion | =2018-update1 | |
| Adobe ColdFusion | =2018-update2 | |
| Adobe ColdFusion | =2018-update3 | |
| Adobe ColdFusion | =2018-update4 | |
| Adobe ColdFusion | =2018-update5 | |
| Adobe ColdFusion | =2018-update6 | |
| Adobe ColdFusion | =2018-update7 | |
| Adobe ColdFusion | =2018-update8 | |
| Adobe ColdFusion | =2018-update9 | |
| Adobe ColdFusion | =2018-update10 | |
| Adobe ColdFusion | =2021 | |
| Adobe ColdFusion | =2021-update1 | |
| Adobe ColdFusion | =2021-update2 | |
| Adobe ColdFusion | =2021-update3 | |
| Adobe ColdFusion | =2018-update13 | |
| Adobe ColdFusion | =2018-update12 | |
| Adobe ColdFusion | =2018-update11 | |
| Adobe ColdFusion | =2021-update4 | |
| Adobe ColdFusion | =2018-update14 | |
| Adobe ColdFusion | =2021-update5 | |
| Adobe ColdFusion | =2018-update15 | |
| Adobe ColdFusion | =2018-update16 | |
| Adobe ColdFusion | =2021-update6 | |
| Adobe ColdFusion | >=2023<=2023.0.0.330468 | |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for Adobe ColdFusion?
The vulnerability ID for Adobe ColdFusion is CVE-2023-29300.
What is the severity of CVE-2023-29300?
The severity of CVE-2023-29300 is critical.
Which versions of Adobe ColdFusion are affected by CVE-2023-29300?
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier), and 2023.0.0.330468 (and earlier) are affected by CVE-2023-29300.
What is the impact of the vulnerability CVE-2023-29300?
The vulnerability CVE-2023-29300 could result in arbitrary code execution.
How can I fix the vulnerability CVE-2023-29300?
To fix the vulnerability CVE-2023-29300, update Adobe ColdFusion to a version that is not affected by the vulnerability.
- collector/nvd-latest
- collector/nvd-index
- agent/type
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- agent/remedy
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/softwarecombine
- agent/author
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2022-47966
- alias/CVE-2023-4966
- alias/CVE-2023-29300
- alias/CVE-2023-38203
- agent/references
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- agent/event
- collector/nvd-cve
- agent/last-modified-date
- agent/tags
- agent/trending
- agent/source
- vendor/adobe
- canonical/adobe coldfusion
- version/adobe coldfusion/2018
- version/adobe coldfusion/2018-update1
- version/adobe coldfusion/2018-update2
- version/adobe coldfusion/2018-update3
- version/adobe coldfusion/2018-update4
- version/adobe coldfusion/2018-update5
- version/adobe coldfusion/2018-update6
- version/adobe coldfusion/2018-update7
- version/adobe coldfusion/2018-update8
- version/adobe coldfusion/2018-update9
- version/adobe coldfusion/2018-update10
- version/adobe coldfusion/2021
- version/adobe coldfusion/2021-update1
- version/adobe coldfusion/2021-update2
- version/adobe coldfusion/2021-update3
- version/adobe coldfusion/2018-update13
- version/adobe coldfusion/2018-update12
- version/adobe coldfusion/2018-update11
- version/adobe coldfusion/2021-update4
- version/adobe coldfusion/2018-update14
- version/adobe coldfusion/2021-update5
- version/adobe coldfusion/2018-update15
- version/adobe coldfusion/2018-update16
- version/adobe coldfusion/2021-update6
- version/adobe coldfusion/2023
- version/adobe coldfusion/2023.0.0.330468