Adobe Deserialization of Untrusted Data Vulnerability

According to the vulnerability report released on 20th of July; Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability which could result in Arbitrary code execution.

Exploitation of this issue does not require user interaction. (CVE-2023-38203)

Affected Systems

Configuration 1
cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update10:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update11:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update12:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update13:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update14:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update15:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update16:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update17:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update2:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update3:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update4:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update5:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update6:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update7:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update8:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update9:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*

IoC’s

Current Security Vulnerability Reports

SolarWinds Serv-U Remote Code Execution Vulnerability

21/07/2021

Microsoft Exchange Server Remote Code Execution Vulnerability-34473

21/07/2021

Microsoft Exchange Server Remote Code Execution Vulnerability-31206

21/07/2021

VMware VCenter Remote Code Execution Vulnerability

26/05/2021

Microsoft Exchange Server Remote Code Execution Vulnerabilities

14/04/2021

March 2021 Microsoft Exchange 0-Day Reports

03/03/2021

Spectre Vulnerability Exploitation

03/03/2021

Masslogger Phishing Campaign

19/02/2021

SolarWinds: Raindrop Malware

20/01/2021

SolarWinds Orion API Authentication Bypass Vulnerability

28/12/2020

SolarWinds Sunburst Attack Campaign

22/12/2020

StrongPity Watering Hole

07/07/2020

Microsoft SMBv3 Compression Vulnerability

11/03/2020

Critical Microsoft Vulnerability – March 2020

11/03/2020

MS Exchange Validation Key Remote Code Execution Vulnerability

28/02/2020

İSTANBUL

+90 216 504 53 30

+90 216 504 53 32

info@barikat.com.tr

Aydınevler Mahallesi,İsmet İnönü Cadddesi,Küçükyalı Ofis Park A Blok,No:20/1 Maltepe İstanbul

ANKARA

+90 312 235 44 41

+90 312 235 44 51

info@barikat.com.tr

Mustafa Kemal Mahallesi, Dumlupınar Bulvarı No:164, Kentpark Ofis, Kat:4 Daire:06 Çankaya, 06510 Ankara, Turkey

AMSTERDAM

+90 216 504 53 30

+90 216 504 53 32

info@barikatbv.com

Millenium Tower Floor 29, Radarweg 29 1045 XN Amsterdam, Netherlands

VULNERABILITY NEWSLETTER

You can register to our newsletter on the home page to be instantly informed about security vulnerabilities.

Adobe Deserialization of Untrusted Data Vulnerability