Adobe ColdFusion bug exploited; CISA adds RCE to vulnerability catalog

CISA added a vulnerability in Adobe ColdFusion to its catalog of known exploits and gave federal agencies a deadline of April 5 to install security updates issued by the software maker. (Tada Images via Adobe Stock Images)
The U.S. agency tasked with protecting the nation’s cybersecurity and infrastructure added a vulnerability targeting Adobe ColdFusion to its catalog of known exploits after the software maker issued a patch the day before.

In a March 14 security bulletin, Adobe said it was “aware that CVE-2023-26360 has been exploited in the wild in very limited attacks.” The security updates issued resolve critical vulnerabilities that could lead to arbitrary code execution and memory leak in versions 2021 and 2018 of the web-application development platform.

The Cybersecurity and Infrastructure Agency added the vulnerability to its Known Exploited Vulnerability Catalog “based on evidence of active exploitation,” the U.S. agency said in a March 15 release. CISA described the exploit in ColdFusion in the KEV as containing “an improper access control vulnerability that allows for remote code execution.” Federal agencies have until April 5 to apply the security updates issued by Adobe.