CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2023-29298 Adobe ColdFusion Improper Access Control Vulnerability
- CVE-2023-38205 Adobe ColdFusion Improper Access Control Vulnerability
The remediation timeline for these vulnerabilities is set as 10 August 2023.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats.