CVE-2023-29298

Vulnerability updated a month ago (2024-11-29T13:31:59.091Z)
CVE-2023-29298 is a critical vulnerability found in Adobe ColdFusion, an application server used for building and deploying web and mobile applications. This flaw, discovered by Rapid7, was part of multiple Common Vulnerabilities and Exposures (CVEs) affecting Adobe ColdFusion in July 2023. The vulnerability allows threat actors to bypass authentication, remotely execute commands, and install webshells on vulnerable servers.

On July 11, 2023, Adobe released patches to address this access control bypass vulnerability along with other vulnerabilities including an insecure deserialization vulnerability allowing arbitrary code execution (CVE-2023-29300). Active exploitation of CVE-2023-29298 was detected on July 13, 2023, alongside another unpublished vulnerability tracked as CVE-2023-38203. This discovery indicated that threat actors were leveraging these vulnerabilities to compromise systems. In an unfortunate turn of events, Project Discovery mistakenly disclosed an n-day exploit for what they believed to be CVE-2023-29300, but Adobe quickly responded by releasing an out-of-band update to fix the issue on July 14.

In response to the ongoing threats, Adobe released security updates last week to address three high-risk vulnerabilities: CVE-2023-29298, CVE-2023-29300, and CVE-2023-29301. These updates are crucial for enhancing system security and mitigating potential risks associated with these vulnerabilities. It is recommended that users promptly apply these updates to their systems to protect against possible exploitation.
Description last updated: 2024-05-04T17:55:25.309Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Coldfusion
Vulnerability
Adobe
Rapid7
Associated Vulnerabilities
| Alias | Description | Association Type | Votes |
| --- | --- | --- | --- |
| | The vulnerability CVE-2023-29300 is associated with CVE-2023-29298. | Unspecified | 2 |