CVE-2023-44350

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-44350
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*
History

23 Nov 2023, 03:39

Type Values Removed Values Added
References () https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html - () https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html - Release Notes, Vendor Advisory
First Time Adobe
Adobe coldfusion
CPE cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*

17 Nov 2023, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-11-17 14:15

Updated : 2023-12-10 15:26

NVD link : CVE-2023-44350

Mitre link : CVE-2023-44350

CVE.ORG link : CVE-2023-44350

JSON object : View

Products Affected

adobe

  • coldfusion
CWE
CWE-502

Deserialization of Untrusted Data