Description
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Adobe | ColdFusion | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Mon, 16 Sep 2024 13:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | ColdFusion Mass Assignment Vulnerability via argumentCollection values passed to Remote CFC Methods | ColdFusion | Deserialization of Untrusted Data (CWE-502) |
MITRE
Status: PUBLISHED
Assigner: adobe
Published:
Updated: 2024-09-16T12:57:22.438Z
Reserved: 2023-09-28T16:25:40.451Z
Link: CVE-2023-44350
Vulnrichment
Updated: 2024-08-02T20:07:32.158Z
NVD
Status : Modified
Published: 2023-11-17T14:15:21.293
Modified: 2024-11-21T08:25:43.997
Link: CVE-2023-44350
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses