Known Exploited Vulnerabilities CVE-2023-38203 Mappings

Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes | Comments |
|---|---|---|---|---|---|---|
| CVE-2023-38203 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | primary_impact | T1105 | Ingress Tool Transfer | | This vulnerability can be utilized by exploiting a public-facing application. APT groups have used this exploit to deploy webshells. |
| CVE-2023-38203 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | | This vulnerability can be utilized by exploiting a public-facing application. APT groups have used this exploit to deploy webshells. |