1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Known Exploited Vulnerabilities CVE-2023-29300

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2023-29300 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability primary_impact T1105 Ingress Tool Transfer
Comments
This vulnerability can be utilized by exploited a public-facing application. APT groups have used this exploit to deploy webshells.
References
  1. https://teamt5.org/en/posts/alerts-of-exploiting-adobe-cold-fusion-cve-2023-29300/
CVE-2023-29300 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
This vulnerability can be utilized by exploited a public-facing application. APT groups have used this exploit to deploy webshells.
References
  1. https://teamt5.org/en/posts/alerts-of-exploiting-adobe-cold-fusion-cve-2023-29300/