Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2023-26359 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
This vulnerability is utilized by exploiting a public-facing server.
References
|
| CVE-2023-26359 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This vulnerability is utilized by exploiting a public-facing server.
References
|