Cookie Consent by Free Privacy Policy Generator 📌 CISA Identifies Critical Vulnerability in Adobe ColdFusion

🏠 Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeiträge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden Überblick über die wichtigsten Aspekte der IT-Sicherheit in einer sich ständig verändernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch übersetzen, erst Englisch auswählen dann wieder Deutsch!

Google Android Playstore Download Button für Team IT Security



📚 CISA Identifies Critical Vulnerability in Adobe ColdFusion


💡 Newskategorie: Hacking
🔗 Quelle: blackhatethicalhacking.com

CISA Identifies Critical Vulnerability in Adobe ColdFusion

Premium Content

Patreon
Subscribe to Patreon to watch this episode.
Reading Time: 3 Minutes

CISA issues urgent warning to federal agencies to patch ColdFusion servers

Following the discovery of a critical vulnerability in Adobe ColdFusion, the Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning. The flaw, known as CVE-2023-26360, can be exploited remotely by attackers who do not require user interaction. Adobe has since released security updates to address the flaw, which was being actively exploited in the wild as a zero-day. While ColdFusion 2016 and ColdFusion 11 installations are also affected, Adobe is no longer providing security updates for these versions. As a result, administrators are advised to update their systems within 72 hours, as the risk of exploitation is significant.

To further emphasize the urgency of this situation, CISA has given all U.S. Federal Civilian Executive Branch Agencies (FCEB) three weeks to secure their systems against potential attacks. While the order only applies to federal agencies, all organizations are strongly urged to patch their systems. The consequences of exploitation can be severe, and malicious cyber actors often take advantage of vulnerabilities like this.

See Also: So you want to be a hacker?
Offensive Security, Bug Bounty Courses

Adobe releases security updates to fix ColdFusion vulnerabilities

In a separate blog post, Adobe announced the ColdFusion 2021 and 2018 March 2023 Security Updates. However, the company failed to mention that the patched security vulnerabilities were also exploited in the wild. Security researcher Charlie Arehart warned administrators of the importance of these updates and the need to patch them urgently. Arehart reported that he had personally seen both the ‘arbitrary code execution’ and ‘arbitrary file system read’ vulnerabilities being perpetrated on multiple servers.

ColdFusion admin warns of the seriousness of recent security update

The implications of the CVE-2023-26360 vulnerability are significant, and it is crucial that administrators act fast to secure their systems. With CISA and security experts warning of the grave risks posed by this flaw, it is clear that the threat is real and immediate. By installing the security updates and following the recommended security configuration settings, administrators can take steps to protect their systems from exploitation.

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link

Merch

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!


Information Security Solutions

Find out how Pentesting Services can help you.

The post CISA Identifies Critical Vulnerability in Adobe ColdFusion first appeared on Black Hat Ethical Hacking. ...



📌 CISA Identifies Critical Vulnerability in Adobe ColdFusion


📈 56.68 Punkte

📌 Adobe ColdFusion 2016/ColdFusion 2018 privilege escalation [CVE-2020-3794]


📈 33.52 Punkte

📌 CISA Warns of Adobe ColdFusion Vulnerability Exploited in the Wild


📈 33.22 Punkte

📌 CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild


📈 33.22 Punkte

📌 CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion


📈 33.22 Punkte

📌 LIVE at 12pm ET: TikTok, GitHub, CISA, More CISA, a Little More CISA, Netgear, DoKwon, and More!


📈 31.87 Punkte

📌 TikTok | GitHub | CISA | More CISA | a Little More CISA | Netgear | DoKwon & more – SWN283


📈 31.87 Punkte

📌 TikTok, GitHub, CISA, More CISA, a Little More CISA, Netgear, & DoKwon - SWN #283


📈 31.87 Punkte

📌 CISA warns of Adobe ColdFusion bug exploited as a zero-day


📈 30 Punkte

📌 CISA Urgent Warning: Adobe ColdFusion Bug Exploited As A Zero-day in the Wild


📈 30 Punkte

📌 CISA adds Adobe ColdFusion bug to Known Exploited Vulnerabilities Catalog


📈 30 Punkte

📌 CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)


📈 30 Punkte

📌 Adobe Patches Critical ColdFusion Vulnerability With Active Exploit


📈 29.08 Punkte

📌 Critical code execution vulnerability fixed in Adobe ColdFusion


📈 29.08 Punkte

📌 Adobe addresses a critical vulnerability in ColdFusion product


📈 29.08 Punkte

📌 CISA Identifies SUPERNOVA Malware During Incident Response – Experts Insight


📈 27.61 Punkte

📌 Expel Vulnerability Prioritization identifies critical and‌ damaging vulnerabilities


📈 26.68 Punkte

📌 Adobe Patches Six Critical Flaws in ColdFusion


📈 25.86 Punkte

📌 Adobe patch update tackles six critical vulnerabilities in ColdFusion


📈 25.86 Punkte

📌 Update now! Critical Adobe ColdFusion flaw now being exploited


📈 25.86 Punkte

📌 Adobe Issues Critical Patches for ColdFusion, Flash Player, Campaign Software


📈 25.86 Punkte

📌 Critical Adobe Flash, ColdFusion Vulnerabilities Patched


📈 25.86 Punkte

📌 Adobe fixes critical security flaws in Flash, ColdFusion, Campaign


📈 25.86 Punkte

📌 Adobe Unscheduled Update Fixes Critical ColdFusion Flaws


📈 25.86 Punkte

📌 Adobe Fixes Critical Security Vulnerabilities in Coldfusion


📈 25.86 Punkte

📌 Adobe Issues ColdFusion Software Update for 6 Critical Vulnerabilities


📈 25.86 Punkte

📌 adobe issued fixes for versions of its coldfusion web development platform - including six critical flaws.


📈 25.86 Punkte

📌 Adobe Security Update fixes Critical Vulnerabilities in Flash Player, Campaign and ColdFusion


📈 25.86 Punkte

📌 Adobe June Patch Tuesday Addressed Critical Security Vulnerabilities In ColdFusion, Campaign And Flash


📈 25.86 Punkte

📌 Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion


📈 25.86 Punkte

📌 Adobe Fixes Critical ColdFusion Flaw in Emergency Update


📈 25.86 Punkte

📌 Patch Tuesday: Critical Flaws in ColdFusion, Adobe Commerce


📈 25.86 Punkte

📌 Adobe Patches Critical ColdFusion, InDesign Zero Day Bugs


📈 25.86 Punkte

📌 Adobe Patches Critical Command Injection, Path Traversal Flaws in ColdFusion


📈 25.86 Punkte

📌 Adobe Patches two critical vulnerabilities in ColdFusion


📈 25.86 Punkte











matomo