Skip to main content

Adobe ColdFusion Vulnerability Alert | July 2023

By Travelers
1 minute

There are critical vulnerabilities in Adobe ColdFusion. Here's what you need to know.

Background

Adobe released an advisory detailing critical security flaws (CVE-2023-38204, CVE-2023-38205, and CVE-2023-38206) in their ColdFusion product, often used for web application development and delivery. The vulnerabilities allow for an unauthenticated attacker to execute arbitrary code or commands. Adobe reports that at least one of the flaws is being actively exploited. Security patches have been released and should be applied as soon as possible.

Impact

The vulnerabilities affect the following Adobe ColdFusion products and versions:

Product Update number Platform
ColdFusion 2023 Update 2 and earlier versions All
ColdFusion 2021 Update 8 and earlier versions All
ColdFusion 2018
Update 18 and earlier versions

All

Attackers can execute arbitrary code or commands against unpatched devices, gaining a foothold into the network. From there the attacker would be able to conduct further exploitation and potentially move around the network.

Next steps

Download and install the latest version of the affected products:

Related articles