Description

Due to a vulnerability in ColdFusion components(.cfc) metadata handling, an unauthenticated attacker can execute arbitrary code or read files on the server

Remediation

Upgrade to the latest version of Adobe ColdFusion

References

Security updates available for Adobe ColdFusion | APSB23-25

CVE-2023-26359

Related Vulnerabilities

Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-6659)

WordPress Plugin VK All in One Expansion Unit Cross-Site Scripting (9.85.0.1)

PostgreSQL Numeric Errors Vulnerability (CVE-2013-1900)

phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15733)

OpenSSL Resource Management Errors Vulnerability (CVE-2016-2109)

Severity

High

Classification

CVE-2023-26359 CVE-2023-26360 CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Insecure Deserialization Code Execution Known Vulnerabilities Missing Update