What is CVE-2023-38203?

CVE-2023-38203 is a Deserialization of Untrusted Data vulnerability in Adobe ColdFusion versions 2018u17, 2021u7, and 2023u1.

How severe is CVE-2023-38203?

CVE-2023-38203 has a severity rating of 9 (critical).

How can CVE-2023-38203 be exploited?

Exploitation of CVE-2023-38203 does not require user interaction.

How can I fix CVE-2023-38203?

To fix CVE-2023-38203, update to a version of Adobe ColdFusion that is later than 2018u17, 2021u7, or 2023u1.

Vulnerability/
CVE-2023-38203

Exploited

critical

9.8

CWE

502

20/7/2023

9/1/2024

CVE-2023-38203: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

First published: Thu Jul 20 2023(Updated: )

Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

Credit: psirt@adobe.com psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe ColdFusion	=2018
Adobe ColdFusion	=2018-update1
Adobe ColdFusion	=2018-update2
Adobe ColdFusion	=2018-update3
Adobe ColdFusion	=2018-update4
Adobe ColdFusion	=2018-update5
Adobe ColdFusion	=2018-update6
Adobe ColdFusion	=2018-update7
Adobe ColdFusion	=2018-update8
Adobe ColdFusion	=2018-update9
Adobe ColdFusion	=2018-update10
Adobe ColdFusion	=2021
Adobe ColdFusion	=2021-update1
Adobe ColdFusion	=2021-update2
Adobe ColdFusion	=2021-update3
Adobe ColdFusion	=2018-update13
Adobe ColdFusion	=2018-update12
Adobe ColdFusion	=2018-update11
Adobe ColdFusion	=2021-update4
Adobe ColdFusion	=2018-update14
Adobe ColdFusion	=2021-update5
Adobe ColdFusion	=2018-update15
Adobe ColdFusion	=2018-update16
Adobe ColdFusion	=2021-update6
Adobe ColdFusion	=2021-update7
Adobe ColdFusion	=2023-update1
Adobe ColdFusion	=2023
Adobe ColdFusion	=2018-update17
	=2018
	=2018-update1
	=2018-update10
	=2018-update11
	=2018-update12
	=2018-update13
	=2018-update14
	=2018-update15
	=2018-update16
	=2018-update17
	=2018-update2
	=2018-update3
	=2018-update4
	=2018-update5
	=2018-update6
	=2018-update7
	=2018-update8
	=2018-update9
	=2021
	=2021-update1
	=2021-update2
	=2021-update3
	=2021-update4
	=2021-update5
	=2021-update6
	=2021-update7
	=2023
	=2023-update1

Remedy

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Remedy

https://helpx.adobe.com/security/products/coldfusion/apsb23-41.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-38203?
CVE-2023-38203 is a Deserialization of Untrusted Data vulnerability in Adobe ColdFusion versions 2018u17, 2021u7, and 2023u1.
How severe is CVE-2023-38203?
CVE-2023-38203 has a severity rating of 9 (critical).
How can CVE-2023-38203 be exploited?
Exploitation of CVE-2023-38203 does not require user interaction.
What is the affected software?
Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier), and 2023u1 (and earlier) are affected by CVE-2023-38203.
How can I fix CVE-2023-38203?
To fix CVE-2023-38203, update to a version of Adobe ColdFusion that is later than 2018u17, 2021u7, or 2023u1.

collector/nvd-latest
collector/nvd-index
agent/type
agent/first-publish-date
agent/remedy
agent/last-modified-date
agent/author
agent/softwarecombine
agent/description
agent/event
exploited/true
collector/cisa-known-exploited
source/CISA
agent/software-canonical-lookup
collector/nvd-api
source/NVD
agent/weakness
agent/severity
agent/references
agent/title
agent/tags
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2023-50164
alias/CVE-2022-33891
alias/CVE-2023-29298
alias/CVE-2023-38203
alias/CVE-2023-26360
alias/CVE-2023-35082
alias/CVE-2024-27198
vendor/adobe
canonical/adobe coldfusion
version/adobe coldfusion/2018
version/adobe coldfusion/2018-update1
version/adobe coldfusion/2018-update2
version/adobe coldfusion/2018-update3
version/adobe coldfusion/2018-update4
version/adobe coldfusion/2018-update5
version/adobe coldfusion/2018-update6
version/adobe coldfusion/2018-update7
version/adobe coldfusion/2018-update8
version/adobe coldfusion/2018-update9
version/adobe coldfusion/2018-update10
version/adobe coldfusion/2021
version/adobe coldfusion/2021-update1
version/adobe coldfusion/2021-update2
version/adobe coldfusion/2021-update3
version/adobe coldfusion/2018-update13
version/adobe coldfusion/2018-update12
version/adobe coldfusion/2018-update11
version/adobe coldfusion/2021-update4
version/adobe coldfusion/2018-update14
version/adobe coldfusion/2021-update5
version/adobe coldfusion/2018-update15
version/adobe coldfusion/2018-update16
version/adobe coldfusion/2021-update6
version/adobe coldfusion/2021-update7
version/adobe coldfusion/2023-update1
version/adobe coldfusion/2023
version/adobe coldfusion/2018-update17

CVE-2023-38203: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-38203?

How severe is CVE-2023-38203?

How can CVE-2023-38203 be exploited?

What is the affected software?

How can I fix CVE-2023-38203?

Company

Resources

Contact