CVE-2023-26360

HIGH CISA KEV EPSS 99.9%
Published Mar 23, 2023 (3y ago) · Modified Jun 17, 2026 (2w ago)
8.6 CVSS 3.1
High
Published Mar 23, 2023 3y ago
Last Modified Jun 17, 2026 2w ago
KEV Listed Mar 15, 2023 3y ago
KEV Due Apr 5, 2023 1186d overdue

Description

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

CVSS Details

Base Score 8.6
Exploitability 3.9
Impact 4.0
Vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Changed
Confidentiality High
Integrity None
Availability None

Threat Intelligence

CISA Known Exploited (overdue 1186d)
Added Mar 15, 2023
Due Apr 5, 2023

Apply updates per vendor instructions.

EPSS Exploit Probability 99.9% percentile
Exploit & Patch Status Actively Exploited (KEV), Patch Available

Weaknesses 1

CWE-284

Affected Products 22

Vendor  Product     Version  Range  Entries
adobe   coldfusion  2018     any    16
adobe   coldfusion  2021     any    6

References 3

  • packetstormsecurity.com http://packetstormsecurity.com/files/172079/Adobe-ColdFusion-Unauthenticated-Remote-Code-Execution.html
    Exploit, Third Party Advisory, VDB Entry
  • helpx.adobe.com https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
    Patch, Vendor Advisory
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-26360
    Third Party Advisory, US Government Resource

Remediation

  • helpx.adobe.com https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
    Patch, Vendor Advisory