CVE-2023-44353

critical-risk
Published 2023-11-17

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

Do I need to act?

!
89.4% chance of exploitation in next 30 days
EPSS score — higher than 11% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (19)

Affected Vendors

Adobe

References (2)

Release Notes https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html
Release Notes https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html
71
/ 100
critical-risk
Severity 32/34 · Critical
Exploitability 20/34 · Moderate
Exposure 19/34 · Moderate