Severity: critical (9.8)
First published: Thu Sep 14 2023
Last modified: Tue Sep 19 2023
CWE: 502
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
The vulnerability ID is CVE-2023-38204.
The severity of CVE-2023-38204 is critical with a CVSS score of 9.8.
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier), and 2023u2 (and earlier) are affected by CVE-2023-38204.
CVE-2023-38204 can result in arbitrary code execution.
To mitigate CVE-2023-38204, it is recommended to update Adobe ColdFusion to the latest version available.