Dark Reading7 Dec 2023
CISA: Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw
Adobe patched CVE-2023-26360 in March amid active exploit activity targeting the flaw.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.
Adobe · ColdFusion
Known ransomware use: Unknown
Follow the source advisory and validate exposure in your environment.
Apply updates per vendor instructions.
Recent reporting that mentions CVE-2023-26360.
Adobe patched CVE-2023-26360 in March amid active exploit activity targeting the flaw.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. [...]