#REF: 188 #Released on: 19/07/2023
High
Components Affected
• ColdFusion 2018 – Update 17 and earlier versions
• ColdFusion 2021 – Update 7 and earlier versions
• ColdFusion 2023 – Update 1 and earlier versions
Overview
A vulnerability was identified in Adobe ColdFusion. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
Description
Attackers are exploiting this Adobe ColdFusion vulnerability, tracked as CVE-2023-38203, to breach servers and install web shells that enable persistent access and allow remote control of the system. Customers are therefore required to update to the latest versions to apply the necessary security patches for this vulnerability.
Impact
• Remote Code Execution
Solution/Workarounds
Apply fixes issued by the vendor:
• https://helpx.adobe.com/security/products/coldfusion/apsb23-41.html
Reference
• https://www.hkcert.org/security-bulletin/adobe-products-remote-code-executionvulnerability_20230718
• https://helpx.adobe.com/security/products/coldfusion/apsb23-41.html
Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind.
Sri Lanka Computer Emergency Readiness Team | Coordination Centre