CVE-2023-44351Deserialization of Untrusted Data in Adobe Coldfusion

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
32.0%
top 3.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedNov 17

Description

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDadobe/coldfusion< 2021+2
CVEListV5adobe/coldfusion2021.11

🔴Vulnerability Details

2
CVEList
Adobe ColdFusion RCE Security Vulnerability2023-11-17
GHSA
GHSA-c646-q547-q9p8: Adobe ColdFusion versions 20232023-11-17
CVE-2023-44351 — Deserialization of Untrusted Data | cvebase