CVE-2023-44353

ColdFusion WDDX Deserialization Gadgets

CVSS 9.8 CRITICAL · EPSS 80.2% · CWE-502
In short

Adobe ColdFusion has a critical flaw: it unsafely deserializes specially crafted WDDX-format data, allowing an attacker to run arbitrary code on the server with no user action required.

Technical detail

A WDDX deserialization flaw in ColdFusion (CWE-502) allows unauthenticated remote code execution: a malicious serialized object is deserialized by the server and can trigger gadget chains already present on the Java classpath. No user interaction is required; the vulnerable endpoint is reachable with a plain network request.

Summary generated and translated by AI from the official description.

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Adobe · ColdFusion
