Adobe Releases Security Updates for ColdFusion - 20230720003

Overview

Adobe has released security updates that address a critical vulnerability in their ColdFusion product with a CVSS base score of 9.8. An attacker could execute arbitrary code with no user interaction.

What is the vulnerability?

CVE-2023-38203 - CVSS v3 Base Score: 9.8

What is vulnerable?

The vulnerability affects the following products:

  • ColdFusion 2018 - Update 17 and earlier versions
  • ColdFusion 2021 - Update 7 and earlier versions
  • ColdFusion 2023 - Update 1 and earlier versions

For more details, see Adobe's Security Bulletin.

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends that administrators follow the patch management guidelines and apply the solutions, as per vendor instructions, to all affected devices within the expected time frame of:

  • Two weeks for internet-facing services.
  • One month for other workstations and servers.

See Adobe's Security Bulletin for details.