Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared. About the exploited vulnerability CVE-2023-26360 is a deserialization of untrusted data vulnerability that could lead to arbitrary code execution. Adobe disclosed and fixed the flaw in mid-March 2023, and said that it was “aware that CVE-2023-26360 has been exploited in the wild in very limited attacks”. CVE-2023-26360 … More
The post CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360) appeared first on Help Net Security.