Adobe emergency patch fixes new ColdFusion zero-day used in attacks

CERT-MU Information Security News – 20 July 2023

Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in attacks.  As part of today’s out-of-band update, Adobe fixed three vulnerabilities: a critical RCE tracked as CVE-2023-38204 (9.8 rating), a critical Improper Access Control flaw tracked as CVE-2023-38205 (7.8 rating), and a moderate Improper Access Control flaw tracked as CVE-2023-38206 (5.3 rating). While CVE-2023-38204 is the most critical flaw patched today, as it is a remote code execution bug, it was not exploited in the wild.

Read More:


Skip to content