Multiple Threats Target Adobe ColdFusion Vulnerabilities

This past July, Adobe responded to reports of exploits targeting pre-authentication remote code execution (RCE) vulnerabilities in their ColdFusion solution by releasing a series of security updates: APSB23-40, APSB23-41, and APSB23-47. An in-depth analysis of those exploits has been documented by Project Discovery, including a significant vulnerability in the WDDX deserialization process within Adobe ColdFusion 2021.

Since those updates, however, FortiGuard Labs IPS telemetry data has continued to detect numerous efforts to exploit the Adobe ColdFusion deserialization of untrusted data vulnerability, which poses a significant risk of arbitrary code execution.

Read more…
Source: Fortinet