Logo
vuln-group

CVE-2023-38204

Severity: critical (9.8)

First published: Thu Sep 14 2023

Last modified: Tue Sep 19 2023

CWE: 502

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

Any of

  • Adobe ColdFusion
    2018
  • Adobe ColdFusion
    2018-update1
  • Adobe ColdFusion
    2018-update10
  • Adobe ColdFusion
    2018-update11
  • Adobe ColdFusion
    2018-update12
  • Adobe ColdFusion
    2018-update13
  • Adobe ColdFusion
    2018-update14
  • Adobe ColdFusion
    2018-update15
  • Adobe ColdFusion
    2018-update16
  • Adobe ColdFusion
    2018-update18
  • Adobe ColdFusion
    2018-update2
  • Adobe ColdFusion
    2018-update3
  • Adobe ColdFusion
    2018-update4
  • Adobe ColdFusion
    2018-update5
  • Adobe ColdFusion
    2018-update6
  • Adobe ColdFusion
    2018-update7
  • Adobe ColdFusion
    2018-update8
  • Adobe ColdFusion
    2018-update9
  • Adobe ColdFusion
    2021
  • Adobe ColdFusion
    2021-update1
  • Adobe ColdFusion
    2021-update2
  • Adobe ColdFusion
    2021-update3
  • Adobe ColdFusion
    2021-update4
  • Adobe ColdFusion
    2021-update5
  • Adobe ColdFusion
    2021-update6
  • Adobe ColdFusion
    2021-update7
  • Adobe ColdFusion
    2021-update8
  • Adobe ColdFusion
    2023
  • Adobe ColdFusion
    2023-update1
  • Adobe ColdFusion
    2023-update2
SecAlerts Pty Ltd.
Fortitude Valley,
QLD 4006, Australia
© Copyright 2023 - ABN: 70 645 966 203, ACN: 645 966 203