PoC Exploit Released: Adobe Releases Patch for ColdFusion

PoC exploit available: Adobe adds patch for ColdFusion

Adobe has released updates for Adobe ColdFusion to address a critical security vulnerability, after proof-of-concept code demonstrating its exploitation appeared on a blog.

On Wednesday, Adobe released patches for three security vulnerabilities, including one classified as critical. On Friday, however, a security advisory was published warning of a new critical vulnerability in ColdFusion 2023, 2022, and 2018 that allows the injection and execution of arbitrary code. Adobe has not provided specific details about the vulnerability, but has stated that it involves errors in the deserialization of untrusted data (CVE-2023-38203, CVSS 9.8, risk level “critical”). Adobe is also aware that a proof of concept has been posted on a blog, which increases the likelihood that criminal organizations will incorporate the exploit into their arsenal.

The updated versions, Adobe ColdFusion 2018 Update 18, 2021 Update 8, and 2023 Update 2, have been released to address the vulnerability. Adobe has provided separate update instructions and further information for each version. The vulnerability has been given a priority rating of 1, indicating a high likelihood of attacks in the wild. Adobe advises IT managers to install the updates as soon as possible.
