WEB Adobe ColdFusion CVE-2023-38204 Insecure Deserialization
Rule ID
1233358
Severity
High
Description
An insecure deserialization vulnerability exists in Adobe ColdFusion. The vulnerability is due to deserialization of untrusted data when processing HTTP parameters sent to ColdFusion Component (CFC) endpoints. A remote, unauthenticated, attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution in the security context of SYSTEM.
Impact
Remote code execution
Recommendation
Update vendor's patch.
IPS Category
Web threats
IPS Anomaly Group
N/A
IPS Rule Default Action
Deny
Reference
Keyword
N/A
Created At
2023/07/31
Updated At
2023/09/06
This website uses cookies to ensure you get the best experience on our website.
Learn more