Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
References
Link | Resource |
---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html | Vendor Advisory |
https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:13
Type | Values Removed | Values Added |
---|---|---|
References | () https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html - Vendor Advisory |
19 Sep 2023, 02:02
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html - Vendor Advisory | |
First Time |
Adobe coldfusion
Adobe |
|
CPE | cpe:2.3:a:adobe:coldfusion:2018:update6:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update13:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update12:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update16:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update14:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update2:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update3:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update8:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update10:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update4:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update15:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update1:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update9:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update18:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update5:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update11:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2018:update7:*:*:*:*:*:* |
14 Sep 2023, 13:01
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-14 08:15
Updated : 2024-11-21 08:13
NVD link : CVE-2023-38204
Mitre link : CVE-2023-38204
CVE.ORG link : CVE-2023-38204
JSON object : View
Products Affected
adobe
- coldfusion
CWE
CWE-502
Deserialization of Untrusted Data