Known Exploited Vulnerabilities CVE-2023-26360 Mappings

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2023-26360 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | secondary_impact | T1071.001 | Web Protocols | Comments: This vulnerability gives an adversary access through exploitation of a public-facing server. |
| CVE-2023-26360 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | secondary_impact | T1105 | Ingress Tool Transfer | Comments: This vulnerability gives an adversary access through exploitation of a public-facing server. |
| CVE-2023-26360 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | secondary_impact | T1046 | Network Service Discovery | Comments: This vulnerability gives an adversary access through exploitation of a public-facing server. |
| CVE-2023-26360 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | secondary_impact | T1003.001 | LSASS Memory | Comments: This vulnerability gives an adversary access through exploitation of a public-facing server. |
| CVE-2023-26360 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | secondary_impact | T1036.005 | Match Legitimate Name or Location | Comments: This vulnerability gives an adversary access through exploitation of a public-facing server. |
| CVE-2023-26360 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | secondary_impact | T1484.001 | Group Policy Modification | Comments: This vulnerability gives an adversary access through exploitation of a public-facing server. |
| CVE-2023-26360 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | secondary_impact | T1505.003 | Web Shell | Comments: This vulnerability gives an adversary access through exploitation of a public-facing server. |
| CVE-2023-26360 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | primary_impact | T1059.007 | JavaScript | Comments: This vulnerability gives an adversary access through exploitation of a public-facing server. |
| CVE-2023-26360 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | Comments: This vulnerability gives an adversary access through exploitation of a public-facing server. |