Description

Due to a vulnerability in ColdFusion components(.cfc) metadata handling, an unauthenticated attacker can execute arbitrary code or read files on the server

Remediation

Upgrade to the latest version of Adobe ColdFusion

References

Security updates available for Adobe ColdFusion | APSB23-25

CVE-2023-26359

Related Vulnerabilities

WordPress Plugin Profile Builder-User Profile & User Registration Forms Cross-Site Scripting (2.0.2)

WordPress Plugin AdRotate-Ad manager & AdSense Ads 'title' Parameter Multiple Cross-Site Scripting Vulnerabilities (3.7.3.5)

Handlebars Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20922)

WordPress Plugin Yasr-Yet Another Stars Rating Unspecified Vulnerability (0.9.1)

Artifactory Insufficiently Protected Credentials Vulnerability (CVE-2020-2164)

Severity

High

Classification

CVE-2023-26359 CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Insecure Deserialization Code Execution Known Vulnerabilities Missing Update