CVE-2023-26360
Published 2023-03-23
Priority: P197 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
KEV · ITW · EXPLOIT · Initial access
CISA Known Exploited Vulnerability, due 2023-04-05
Exploited in the wild
EPSS: 97.11% (99.9th percentile)
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
| adobe | coldfusion | unspecified – CF2018U15 | — |
Detection & IOCs (extracted from sources)
bytes: ONEPIECE
bytes: x_best_911
- Webshell activity can be detected by monitoring for OS commands (e.g., whoami) spawning from w3wp.exe (IIS worker process), which is a telltale sign of webshell execution.
- Hunt for .aspx files placed in image directories (e.g., wwwroot\Images) as a sign of steganographic webshell deployment post-ColdFusion exploitation.
- Detect the string 'ONEPIECE' in webshell responses or file contents — it appeared in all webshells used throughout this CVE-2023-26360 attack chain.
- Alert on HTTP requests targeting CFIDE/adminapi paths (e.g., /CFIDE/adminapi/_datasource/, /CFIDE/adminapi/serverinstance.cfc) as these are known exploitation targets for CVE-2023-26360 and CVE-2023-29298.
- Detect IIS log disabling via appcmd: monitor for execution of '%windir%\system32\inetsrv\appcmd set config /section:httpLogging /dontLog:True' as a post-exploitation defence impairment step.
- Alert on bulk taskkill commands targeting security tools (sysmon.exe, sysmon64.exe, filebeat.exe, cyserver.exe, SentinelMemoryScanner.exe, SentinelUI.exe, DRwebcom.exe) followed by sc stop/delete for the same services.
- Hunt for .NET web shell DLLs matching the filename pattern App_Web_{8}[a-z0-9].dll dropped into the ASP.NET temporary files path, associated with post-exploitation activity following CVE-2023-26360.
- Monitor for timestomped MAC metadata on newly created webshell files, used by threat actors to corrupt forensic timelines after ColdFusion exploitation.
- The exact initial access mechanism could not be confirmed due to insufficient logging; ColdFusion exploitation is inferred from historical log artifacts, not direct observation.
- The Tropic Trooper/Securelist attribution of CVE-2023-26360 exploitation is assessed with only moderate confidence based on telemetry overlap, not confirmed forensic evidence.
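An added example (not taken from the page's sources or from any vendor's tooling) that turns several of the indicators listed above into checks over web, process-creation and file events. The event dictionaries, their field names and the indicator labels are assumptions, and every sample event is constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Tool names the page lists as taskkill / "sc stop" targets.
SECURITY_TOOLS = ("sysmon.exe", "sysmon64.exe", "filebeat.exe", "cyserver.exe",
                  "sentinelmemoryscanner.exe", "sentinelui.exe", "drwebcom.exe")
# whoami is the page's example; cmd.exe and powershell.exe are assumptions.
SUSPICIOUS_CHILDREN = {"whoami.exe", "cmd.exe", "powershell.exe"}
LOG_DISABLE = re.compile(r'appcmd(\.exe)?"?\s+set\s+config\b.*httplogging.*/dontlog:true')
ASPX_IN_IMAGES = re.compile(r"\\images\\.*\.aspx$")
# The page prints the pattern as "App_Web_{8}[a-z0-9].dll"; it is read here
# (assumption) as App_Web_ followed by eight lowercase alphanumerics.
APP_WEB_DLL = re.compile(r"\\app_web_[a-z0-9]{8}\.dll$")


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.lower().replace("/", "\\").rsplit("\\", 1)[-1]


def check_http(ev):
    hits = []
    parts = urlsplit(ev["uri"])
    path = parts.path.lower()
    query = {k.lower(): [v.lower() for v in vals]
             for k, vals in parse_qs(parts.query, keep_blank_values=True).items()}
    if path.startswith("/cfide/adminapi"):
        hits.append("cfide_adminapi_request")
    # URI half of the Suricata rules on the page: POST, ".cfc?", method=, _cfclient=true
    if (ev["method"].upper() == "POST" and path.endswith(".cfc")
            and "method" in query and "true" in query.get("_cfclient", [])):
        hits.append("cfc_cfclient_post")
    return hits


def check_process(ev):
    hits = []
    cmd = ev["cmdline"].lower()
    image = basename(ev["image"])
    if basename(ev["parent"]) == "w3wp.exe" and image in SUSPICIOUS_CHILDREN:
        hits.append("w3wp_spawned_os_command")
    if LOG_DISABLE.search(cmd):
        hits.append("iis_logging_disabled")
    if image == "taskkill.exe" and any(tool in cmd for tool in SECURITY_TOOLS):
        hits.append("security_tool_taskkill")
    return hits


def check_file(ev):
    hits = []
    path = ev["path"].lower()
    if ASPX_IN_IMAGES.search(path):
        hits.append("aspx_in_image_dir")
    # Legitimately compiled pages use the same naming, so this is a hunting
    # lead to review against deployment history, not an alert on its own.
    if "temporary asp.net files" in path and APP_WEB_DLL.search(path):
        hits.append("app_web_dll_in_temp_files")
    if b"ONEPIECE" in ev.get("content", b""):
        hits.append("onepiece_marker")
    return hits


CHECKS = {"http": check_http, "process": check_process, "file": check_file}


def hunt(events):
    """Return {event index: [indicator names]} for events with at least one hit."""
    findings = {}
    for index, ev in enumerate(events):
        hits = CHECKS[ev["type"]](ev)
        if hits:
            findings[index] = hits
    return findings


# Constructed sample events; hosts, paths and file names are illustrative only.
SAMPLE_EVENTS = [
    {"type": "http", "method": "POST",
     "uri": "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"
            "?method=wizardHash&_cfclient=true&returnFormat=wddx&inPassword=foo"},
    {"type": "http", "method": "GET", "uri": "/CFIDE/adminapi/serverinstance.cfc"},
    {"type": "http", "method": "GET", "uri": "/index.cfm?page=2"},
    {"type": "process", "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\whoami.exe", "cmdline": "whoami"},
    {"type": "process", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\inetsrv\appcmd.exe",
     "cmdline": r"%windir%\system32\inetsrv\appcmd set config /section:httpLogging /dontLog:True"},
    {"type": "process", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\taskkill.exe", "cmdline": "taskkill /f /im sysmon64.exe"},
    {"type": "file", "path": r"C:\inetpub\wwwroot\Images\banner.aspx",
     "content": b"<!-- ONEPIECE -->"},
    {"type": "file", "path": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319"
                             r"\Temporary ASP.NET Files\root\App_Web_k3x9q1zb.dll"},
    {"type": "file", "path": r"C:\inetpub\wwwroot\Images\logo.png"},
]

if __name__ == "__main__":
    for index, hits in hunt(SAMPLE_EVENTS).items():
        print(index, SAMPLE_EVENTS[index]["type"], hits)
```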
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 8.6 HIGH
cisa · 9.8 CRITICAL
GHSA
GHSA-p86r-cr5m-73hp: Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that c
ghsa_unreviewed·2023-03-23
CVE-2023-26360 [HIGH] CWE-284 GHSA-p86r-cr5m-73hp: Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that c
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
VulnCheck
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
vulncheck·2023·CVSS 8.6
CVE-2023-26360 [HIGH] CWE-284 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.
Affected: Adobe ColdFusion
Required Action: Apply updates per vendor instructions.
Exploitation References: https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.rapid7.com/blog/post/2023/03/21/etr-rapid7-observed-exploitation-of-adobe-coldfusion/; https://sosintel.co.uk/flash-alert-cves-of-note-being-exploited-in-the-wild/; https://information.rapid7.com/rs/411-NAK-970/images/Rapid7-2023-Mid-Year-Threat-Review.pdf; https://www.fortiguard.com/outbreak-alert/adobe-coldfusion-code-execution; https://w
CISA
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
cisa·2023-03-15·CVSS 9.8
CVE-2023-26360 [CRITICAL] CWE-284 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Vulnerability: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affected: Adobe ColdFusion
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.
Required Action: Apply updates per vendor instructions.
Notes: https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html; https://nvd.nist.gov/vuln/detail/CVE-2023-26360
Remediation Due Date: 2023-04-05
Suricata
ET WEB_SPECIFIC_APPS Adobe Coldfusion Local File Inclusion Attempt (CVE-2023-26360, CVE-2023-26359) M1
suricata·2023-12-06·CVSS 9.8
CVE-2023-26359 [CRITICAL] ET WEB_SPECIFIC_APPS Adobe Coldfusion Local File Inclusion Attempt (CVE-2023-26360, CVE-2023-26359) M1
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Adobe Coldfusion Local File Inclusion Attempt (CVE-2023-26360, CVE-2023-26359) M1"; flow:established,to_server; http.method; content:"POST"; http.uri; content:".cfc?"; content:"method|3d|"; content:"_cfclient|3d|true"; fast_pattern; http.request_body; content:"_variables|3d 7b|"; startswith; reference:cve,2023-26359; reference:cve,2023-26360; reference:url,realalphaman.medium.com/adobe-coldfusion-lfi-lead-to-rce-cve-2023-26359-cve-2023-26360-bd1c4b0e24bc; classtype:attempted-admin; sid:2049530; rev:3; metadata:affected_product Adobe_Coldfusion, attack_target Server, created_at 2023_12_06, cve CVE_2023_26360_CVE_2023_263
Suricata
ET WEB_SPECIFIC_APPS Adobe Coldfusion Local File Inclusion Attempt (CVE-2023-26360, CVE-2023-26359) M2
suricata·2023-12-06·CVSS 9.8
CVE-2023-26359 [CRITICAL] ET WEB_SPECIFIC_APPS Adobe Coldfusion Local File Inclusion Attempt (CVE-2023-26360, CVE-2023-26359) M2
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Adobe Coldfusion Local File Inclusion Attempt (CVE-2023-26360, CVE-2023-26359) M2"; flow:established,to_server; http.method; content:"POST"; http.uri; content:".cfc?"; content:"method|3d|"; content:"_cfclient|3d|true"; fast_pattern; http.request_body; content:"_variables|3d|%7b"; startswith; nocase; reference:cve,2023-26359; reference:cve,2023-26360; reference:url,realalphaman.medium.com/adobe-coldfusion-lfi-lead-to-rce-cve-2023-26359-cve-2023-26360-bd1c4b0e24bc; classtype:attempted-admin; sid:2049531; rev:3; metadata:affected_product Adobe_Coldfusion, attack_target Server, created_at 2023_12_06, cve CVE_2023_26360_CVE_
Suricata
ET EXPLOIT Adobe ColdFusion Deserialization of Untrusted Data (CVE-2023-26360) M1
suricata·2023-12-05·CVSS 8.6
CVE-2023-26360 [HIGH] ET EXPLOIT Adobe ColdFusion Deserialization of Untrusted Data (CVE-2023-26360) M1
Rule: alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Adobe ColdFusion Deserialization of Untrusted Data (CVE-2023-26360) M1"; flow:established,to_server; http.method; content:"POST"; http.uri; content:".cfc?"; nocase; content:"method="; nocase; content:"_cfclient=true"; nocase; fast_pattern; http.request_body; content:"_variables="; nocase; content:"_variables"; distance:0; content:"_metadata"; content:"classname"; reference:url,github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/adobe_coldfusion_rce_cve_2023_26360.rb; reference:url,www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a; reference:cve,2023-26360; reference:url,attackerkb.com/topics/F36ClHTTIQ/cve-2023-26
Suricata
ET EXPLOIT Adobe ColdFusion Deserialization of Untrusted Data (CVE-2023-26360) M2
suricata·2023-12-05·CVSS 8.6
CVE-2023-26360 [HIGH] ET EXPLOIT Adobe ColdFusion Deserialization of Untrusted Data (CVE-2023-26360) M2
Rule: alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Adobe ColdFusion Deserialization of Untrusted Data (CVE-2023-26360) M2"; flow:established,to_server; http.method; content:"POST"; http.uri; content:".cfc?"; nocase; content:"method="; nocase; content:"_cfclient=true"; nocase; fast_pattern; http.request_body; content:"_variables="; nocase; content:"cfexecute"; nocase; content:"name"; nocase; distance:0; reference:url,github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/adobe_coldfusion_rce_cve_2023_26360.rb; reference:url,www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a; reference:cve,2023-26360; reference:url,attackerkb.com/topics/F36ClHTTIQ/cve-2023-26360/rapid7-
Suricata
ET EXPLOIT Adobe ColdFusion Deserialization of Untrusted Data (CVE-2023-26360) M3
suricata·2023-12-05·CVSS 8.6
CVE-2023-26360 [HIGH] ET EXPLOIT Adobe ColdFusion Deserialization of Untrusted Data (CVE-2023-26360) M3
Rule: alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Adobe ColdFusion Deserialization of Untrusted Data (CVE-2023-26360) M3"; flow:established,to_server; http.method; content:"POST"; http.uri; content:".cfc?"; nocase; content:"method="; nocase; content:"_cfclient=true"; nocase; fast_pattern; http.request_body; content:"_variables="; nocase; content:"cffile"; nocase; content:"action"; nocase; within:100; content:"write"; within:20; reference:url,github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/adobe_coldfusion_rce_cve_2023_26360.rb; reference:url,www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a; reference:cve,2023-26360; reference:url,attackerkb.com/topics/F36ClH
Exploit-DB
Adobe ColdFusion versions 2018_15 (and earlier) and 2021_5 and earlier - Arbitrary File Read
exploitdb·2024-03-11·CVSS 8.6
CVE-2023-26360 [HIGH] Adobe ColdFusion versions 2018_15 (and earlier) and 2021_5 and earlier - Arbitrary File Read
---
# Exploit Title: File Read Arbitrary Exploit for CVE-2023-26360
# Google Dork: [not]
# Date: [12/28/2023]
# Exploit Author: [Youssef Muhammad]
# Vendor Homepage: [https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html]
# Software Link: [https://drive.google.com/drive/folders/17ryBnFhswxiE1sHrNByxMVPKfUnwqmp0]
# Version: [Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier]
# Tested on: [Windows, Linux]
# CVE : [CVE-2023-26360]
import sys
import requests
import json
Metasploit
Adobe ColdFusion Unauthenticated Arbitrary File Read
metasploit
This module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to read an arbitrary file from the server. To run this module you must provide a valid ColdFusion Component (CFC) endpoint via the CFC_ENDPOINT option, and a valid remote method name from that endpoint via the CFC_METHOD option. By default an endpoint in the ColdFusion Administrator (CFIDE) is provided. If the CFIDE is not accessible you will need to choose a different CFC endpoint, method and parameters.
Nuclei
Adobe ColdFusion - Local File Read
nuclei·CVSS 9.8
CVE-2023-26360 [CRITICAL] Adobe ColdFusion - Local File Read
Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier
Template:
id: CVE-2023-26360

info:
  name: Adobe ColdFusion - Local File Read
  author: DhiyaneshDK,7own
  severity: high
  description: |
    Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier
  impact: |
    This vulnerability can lead to unauthorized access to sensitive information stored on the server.
  remediation: |
    Apply the necessary security patches or updates provided by
Metasploit
Adobe ColdFusion Unauthenticated Remote Code Execution
metasploit
This module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code execution.
Huntress
Defence Impairment Olympics
blogs_huntress·2026-06-29·CVSS 9.8
CVE-2023-26360 [CRITICAL] Defence Impairment Olympics
Acknowledgements: Special thanks to Adrian Garcia, Amelia Casley, Olly Maxwell and Anton Ovrutsky for their contributions to this investigation and write-up.
## Background
At Huntress, we have visibility into various parts of a threat actor's attack chain: including how they enter the victim's environment (initial access), how they research the environment (enumeration), and how they move around the environment (lateral movement). One tactic that we see a fair amount of is defence evasion and defence impairment; or specific measures threat actors take to hide their tracks during an incident and to disable defence mechanisms.
We recently responded to an incident on June 7 where a threat actor initially performed enumeration activity before later carrying out almost a dozen different type
Bleepingcomputer
Adobe warns of critical ColdFusion bug with PoC exploit code
blogs_bleepingcomputer·2024-12-23·CVSS 8.1
CVE-2024-53961 [HIGH] Adobe warns of critical ColdFusion bug with PoC exploit code
## Adobe warns of critical ColdFusion bug with PoC exploit code
## Sergiu Gatlan
Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept (PoC) exploit code.
In an advisory released on Monday, the company says the flaw (tracked as CVE-2024-53961) is caused by a path traversal weakness that impacts Adobe ColdFusion versions 2023 and 2021 and can enable attackers to read arbitrary files on vulnerable servers.
"Adobe is aware that CVE-2024-53961 has a known proof-of-concept that could cause an arbitrary file system read," Adobe said today, while also cautioning customers that it assigned a "Priority 1" severity rating to the flaw because it has a "a higher risk of being targeted, by exploit(s) in the wild for a given product ver
Securelist
Tropic Trooper spies on government entities in the Middle East
blogs_securelist·2024-09-05
Tropic Trooper spies on government entities in the Middle East
Authors
Sherif Magdy
## Executive summary
Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Our recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle East, starting in June 2023.
Sighting th
Securelist
New malicious web shell from the Tropic Trooper group is found in the Middle East
blogs_securelist·2024-09-05
New malicious web shell from the Tropic Trooper group is found in the Middle East
Authors
- Sherif Magdy
## Executive summary
Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Our recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle East, starting in June 2023.
Sighting this group’s TTPs in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic mo
Wiz
Crying Out Cloud - January Newsletter | Wiz
blogs_wiz·2024-01-01·CVSS 8.8
CVE-2023-26360 [HIGH] Crying Out Cloud - January Newsletter | Wiz
This month we’ve seen several vulnerabilities and security incidents that have left users affected. We know you're busy too, so we've sifted through the noise to bring you the real game-changers.
Here are our top picks!
## 🐞 High Profile Vulnerabilities
Adobe ColdFusion RCE vulnerability exploited in-the-wild
CVE-2023-26360 is a critical vulnerability in Adobe ColdFusion that was published in March 2023. This vulnerability could allow an attacker to execute arbitrary code on the remote server in the context of the current user. On December 5, 2023, CISA announced that threat actors were actively exploiting this vulnerability in order to gain initial access to government-owned servers. Customers should update Adobe ColdFusion to the latest version.
According to Wiz data, less than 1% o
Talos
A personal Year in Review to round out 2023
blogs_talos·2023-12-14
A personal Year in Review to round out 2023
As you’ve probably seen by now, Talos released our 2023 Year in Review report last week. It’s an extremely comprehensive look at the top threats, attacker trends and malware families from the past year with never-before-seen Cisco Talos telemetry.
We have podcasts, long-form videos and even Reddit AMAs to keep you covered and make it easy to digest our major takeaways from the report. Or, just kick back with a cup of coffee and read the full report — your choice!
With this being the last Threat Source newsletter of the calendar year, I figured I’d do a Year in Review of my own. I don’t have the data or first-hand research to back any of these statements up, this is purely just vibes-based or things I’ve discovered about myself and my cybersecurity habits over the past year, so while you
Bleepingcomputer
Hackers breach US govt agencies using Adobe ColdFusion exploit
blogs_bleepingcomputer·2023-12-05·CVSS 8.6
CVE-2023-26360 [HIGH] Hackers breach US govt agencies using Adobe ColdFusion exploit
## Hackers breach US govt agencies using Adobe ColdFusion exploit
## Bill Toulas
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers.
The security issue allows executing arbitrary code on servers running Adobe ColdFusion 2018 Update 15 and older, and 2021 Update 5 and earlier. It was exploited as a zero day before Adobe fixed it in mid-March by releasing ColdFusion 2018 Update 16 and 2021 Update 6.
At the time, CISA published a notice about threat actors exploiting the flaw and urged federal organizations and state services to apply the available security updates.
In an alert today, America's Cyber Defense Agen
Sentinelone
CVE-2023-26360: A Critical Vulnerability in Adobe ColdFusion
blogs_sentinelone·2023-05-25·CVSS 8.6
CVE-2023-26360 [HIGH] CVE-2023-26360: A Critical Vulnerability in Adobe ColdFusion
On March 8, 2023, Adobe released security updates to address a critical vulnerability in Adobe ColdFusion. CVE-2023-26360 is an improper access control vulnerability that could allow an attacker to execute arbitrary code on a vulnerable system.
The vulnerability exists in how ColdFusion handles the deserialization of untrusted data. An attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable ColdFusion server. The request would contain untrusted data that ColdFusion could deserialize and execute as code.
The vulnerability is rated as critical because it does not require user interaction to be exploited. An attacker could exploit this vulnerability without any user interaction as there is no victim here.
## What is Adobe ColdFusion?
Adobe ColdFusi
Sentinelone
Evolution of Cloud Security | Looking At Cloud Posture Management Throughout the Decades
blogs_sentinelone·2023-05-24
Evolution of Cloud Security | Looking At Cloud Posture Management Throughout the Decades
When cloud computing saw its earliest waves of adoption, businesses only had to decide whether or not they wanted to adopt it. The notion of cloud security in these first few years came as a secondary consideration. Though cloud computing has undergone many improvements since it made a splash following the advent of the World Wide Web, the challenge of cloud security has only become more complex and the need for it more acute.
Today’s hyperconnected world sees the cloud surface face a variety of risks from ransomware and supply chain attacks to insider threats and misconfigurations. As more businesses have moved their operations and sensitive data to the cloud, securing this environment against developing threats continues to be an ever-changing challenge for leaders.
This post walks th
Checkpoint
20th March – Threat Intelligence Report
blogs_checkpoint·2023-03-20·CVSS 7.1
CVE-2023-0669 [HIGH] 20th March – Threat Intelligence Report
## 20th March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 20th March, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
Hitachi Energy reported a data breach caused by the Clop ransomware group which exploited a zero-day vulnerability (CVE-2023-0669) in the Fortra GoAnywhere MFT system, which was used by Hitachi.
Check Point IPS, Threat Emulation and Harmony Endpoint provide protection against this threat (GoAnywhere MFT Insecure Deserializatio
Qualys
The March 2023 Patch Tuesday Security Update Review | Qualys
blogs_qualys·2023-03-15·CVSS 9.8
[CRITICAL] The March 2023 Patch Tuesday Security Update Review | Qualys
Microsoft has released its monthly security update for March 2023. This month’s updates addressed various vulnerabilities in different products. Let’s go through this month’s Patch Tuesday details and discuss
Qualys
The March 2023 Patch Tuesday Security Update Review
blogs_qualys·2023-03-15·CVSS 9.8
[CRITICAL] The March 2023 Patch Tuesday Security Update Review
Microsoft has released its monthly security update for March 2023. This month’s updates addressed various vulnerabilities in different products. Let’s go through this month’s Patch Tuesday details and discuss the security
Greynoiseio
NoiseLetter March 2026
blogs_greynoiseio
NoiseLetter March 2026
Events, events… and yes, even more events. 🌍 GreyNoise has been on the move. March kept us busy with stops at eCrimes in London and SecIT in Hanover—but we’re just getting started. Over the next few months, we’ll be hitting the road for CrowdStrike CrowdTours across eight cities, heading to Glasgow to speak and sponsor CyberUK, and making our way to Tampa for H-ISAC. If you’ll be at any of these (or nearby), we’d love to connect.
And while we’ve been racking up miles, we haven’t slowed down on the research front. We’ve just released some exciting new findings—with even more coming in the next few weeks—so keep an eye out.
Thanks, as always, for being part of the GreyNoise community.
Featured
About this new report
Every enterprise firewall processes traffic from residential IP space. T
HackerOne
Unauthenticated File Read Adobe ColdFusion
hackerone·2026-01-12·CVSS 8.6
CVE-2023-26360 [HIGH] Unauthenticated File Read Adobe ColdFusion
Unauthenticated File Read Adobe ColdFusion
Hi DOD,
I have found CVE-2023-26360 in ███. It leads to an Unauthenticated Arbitrary File Read vulnerability due to the deserialization of untrusted data in Adobe ColdFusion. The password **hash** is disclosed: `password=1B3C0648D519755588B7CE5BDBFD4A88E6C7998AF32309665E6966932720F3BA`
## References
- https://hackerone.com/reports/2248781
## Impact
The impact of this vulnerability could result in unauthorized access to sensitive data and actions within the affected Adobe ColdFusion instances.
## System Host(s)
afit.edu
## Affected Product(s) and Version(s)
## CVE Numbers
CVE-2023-26360
## Steps to Reproduce
1. Open Burpsuite and set the target to ████
2. Use the exploit below:
```bash
POST /cf_scripts/scripts/ajax/ckeditor/plugins/fileman
```
HackerOne
Unauthenticated File Read Adobe ColdFusion
hackerone·2023-12-21·CVSS 8.6
[HIGH] Unauthenticated File Read Adobe ColdFusion
Unauthenticated File Read Adobe ColdFusion
Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion.
## Impact
The impact of this vulnerability could result in unauthorized access to sensitive data and actions within the affected Adobe ColdFusion instances.
## System Host(s)
█████████
## Affected Product(s) and Version(s)
The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier
## CVE Numbers
CVE-2023-26360
## Steps to Reproduce
POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc?method=wizardHash&_cfclient=true&returnFormat=wddx&inPassword=foo HTTP/1.1
Host: ███
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/8
- http://packetstormsecurity.com/files/172079/Adobe-ColdFusion-Unauthenticated-Remote-Code-Execution.html
- https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-26360
Published: 2023-03-23
Added to CISA KEV: 2023-03-15
Exploited in the wild