April 1, 2023

The U.S. CISA has added a critical vulnerability in Adobe ColdFusion, tracked as CVE-2023-26360 with a CVSS score: 8.6, to its Known Exploited Vulnerabilities Catalog.

Adobe as a part of routine patch tuesday, released security updates for ColdFusion versions 2021 and 2018 to resolve the critical flaw CVE-2023-26360 that was exploited in very limited attacks.

The vulnerability is an Improper Access Control that can allow a remote attacker to execute arbitrary code. The vulnerability could also lead to arbitrary file system read and memory leak.

As per the advisory, Adobe is aware that CVE-2023-26360 has been exploited in the wild in very limited attacks targeting Adobe ColdFusion.

CISA orders federal agencies to fix this flaw by April 5, 2023.

The US Agency also added the following vulnerabilities to the catalog that must be addressed by April 4, 2023.

  • CVE-2023-23397 â€“ Microsoft Office Outlook Privilege Escalation Vulnerability.
  • CVE-2023-24880 â€“ Microsoft Windows SmartScreen Security Feature Bypass Vulnerability.
  • CVE-2022-41328 â€“ Fortinet FortiOS Path Traversal Vulnerability.
Tags:

Leave a Reply

You may have missed

Cylance Ransomware Dissection

Cylance Ransomware Dissection

April 1, 2023
WordPress Elementor Pro Plugin Vulnerability

WordPress Elementor Pro Plugin Vulnerability

April 1, 2023
QNAP Critical Sudo Vulnerability

QNAP Critical Sudo Vulnerability

March 31, 2023
AlienFox Malware Toolset -SwissArmy Knife

AlienFox Malware Toolset -SwissArmy Knife

March 31, 2023
3CX Application Malvertised

3CX Application Malvertised

March 31, 2023
Microsoft Azure Super FabriXss Bug

Microsoft Azure Super FabriXss Bug

March 31, 2023
%d bloggers like this: