virus logo Web Application Security

Adobe.ColdFusion.ToTemplateProxy.Insecure.Deserialization

description-logoDescription

This indicates an attack attempt to exploit an Insecure Deserialization Vulnerability in Adobe Systems ColdFusion.
The vulnerability is due to deserialization of untrusted data when processing HTTP parameters sent to ColdFusion Component (CFC) endpoints. A remote, unauthenticated, attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution in the security context of SYSTEM.

description-logoOutbreak Alert

FortiGuard Labs continue to see cyber-attacks targeting to exploit the ColdFusion vulnerability CVE-2023-26360. Blocking over multiple hundreds of attacks over the last weeks.

View the full Outbreak Alert Report

affected-products-logoAffected Products

Adobe Systems ColdFusion 2018 update 15 and prior
Adobe Systems ColdFusion 2021 update 5 and prior

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

Version Updates

Date Version Detail
2023-08-15 0.00355

CVE References

CVE-2023-26360
ID 1090501863
Created Aug 15, 2023
Updated Aug 15, 2023
Outbreak Alert Adobe ColdFusion Code Execution
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Default Action pass
Active
Affected OS Windows, Linux, MacOS
Affected App Adobe
Engine Version 5.0.0 or later