WEB Adobe ColdFusion CVE-2023-38204 Insecure Deserialization

Rule ID

1233358

Severity

High

Description

An insecure deserialization vulnerability exists in Adobe ColdFusion. The vulnerability is due to deserialization of untrusted data when processing HTTP parameters sent to ColdFusion Component (CFC) endpoints. A remote, unauthenticated, attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution in the security context of SYSTEM.

Impact

Remote code execution

Recommendation

Update vendor's patch.

IPS Category

Web threats

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

Reference

CVE-2023-38204

T1059

T1548.002

Keyword

N/A

Created At

2023/07/31

Updated At

2023/08/31

This website uses cookies to ensure you get the best experience on our website.

Learn more