1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Known Exploited Vulnerabilities CVE-2023-26359

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2023-26359 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
This vulnerability is utilized by exploiting a public-facing server.
References
  1. https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
CVE-2023-26359 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
This vulnerability is utilized by exploiting a public-facing server.
References
  1. https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html