Adobe emergency patch fixes new ColdFusion zero-day used in attacks
CERT-MU Information Security News – 20 July 2023
Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in attacks. As part of today’s out-of-band update, Adobe fixed three vulnerabilities: a critical RCE tracked as CVE-2023-38204 (9.8 rating), a critical Improper Access Control flaw tracked as CVE-2023-38205 (7.8 rating), and a moderate Improper Access Control flaw tracked as CVE-2023-38206 (5.3 rating). While CVE-2023-38204 is the most critical flaw patched today, as it is a remote code execution bug, it was not exploited in the wild.