CVE-2023-38203 — Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

2024-01-08 • CISA Known Exploited Vulnerability

[event] Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

> AFFECTED SOFTWARE

Field	Value
Vendor	Adobe
Product	ColdFusion
CWE	CWE-502
CVE ID	CVE-2023-38203
Date Added	2024-01-08
Due Date	2024-01-29
Ransomware Campaign	Known — this vulnerability has been leveraged in ransomware campaigns

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-01-29