WEB Adobe ColdFusion CVE-2023-38204 Insecure Deserialization

Rule ID

1233358

Severity

High

Description

An insecure deserialization vulnerability exists in Adobe ColdFusion. The vulnerability is due to deserialization of untrusted data when processing HTTP parameters sent to ColdFusion Component (CFC) endpoints. A remote, unauthenticated, attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution in the security context of SYSTEM.

Impact

Remote code execution

Recommendation

Update vendor's patch.

IPS Category

Web threats

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2023-38204

CVE-2023-29300

CVE-2023-38203

T1059

T1548.002

Keywords

N/A

Date Created

2023/07/31

Last Updated

2024/04/02

This website uses cookies to ensure you get the best experience on our website.