Adobe flickt ColdFusion-Schwachstelle mit hohem Ausnutzungsrisiko

Teilen:

Adobe on Monday warned that proof-of-concept (PoC) code exists for a fresh ColdFusion vulnerability.

Tracked as CVE-2024-53961 (CVSS score of 7.4), the security defect is described as a path traversal issue leading to arbitrary file system read if the ‘pmtagent’ package is installed on the ColdFusion server.

“An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data,” a NIST advisory reads.

Although the flaw has a ‘high severity’ rating based on its CVSS score, Adobe considers it critical, marking it as ‘Priority 1’ and warning that it has a high risk of being targeted in attacks.

“Adobe is aware that CVE-2024-53961 has a known proof-of-concept that could cause an arbitrary file system read,” the company warns.

The vulnerability affects ColdFusion 2023 update 11 and earlier and ColdFusion 2021 update 17 and earlier and was resolved with the release of ColdFusion 2023 update 12 and ColdFusion 2021 update 18.

ColdFusion installations should be updated as soon as possible and Adobe also recommends reviewing its lockdown guides for the affected versions and ensuring that the Performance Monitoring Toolset (PMT) server is up and running during the update, if PMT is in use.

Vulnerabilities in Adobe ColdFusion have long been an attractive target for threat actors. Last week, the US cybersecurity agency CISA warned that an improper access control defect in ColdFusion patched in March 2024 has been exploited in the wild. The flaw is tracked as CVE-2024-20767.

Advertisement. Scroll to continue reading.

In December last year, CISA warned that a ColdFusion bug leading to arbitrary code execution had been exploited in attacks targeting servers belonging to a federal civilian executive branch (FCEB) agency. Tracked as CVE-2023-26360, the defect was patched in March 2023, after being exploited in the wild.

Quelle

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
7:56 pm, Feb. 15, 2025
Wetter-Symbol 3°C
L: 2° | H: 4°
broken clouds
Luftfeuchtigkeit: 87 %
Druck: 1019 mb
Wind: 7 mph E
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 75%
Regen Chance: 0%
Sichtbarkeit: 7 km
Sonnenaufgang: 7:14 am
Sonnenuntergang: 5:15 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 9:00 pm
Wetter-Symbol
2° | 4°°C 1 mm 100% 7 mph 87 % 1019 mb 0 mm/h
Tomorrow 9:00 pm
Wetter-Symbol
2° | 4°°C 1 mm 100% 10 mph 89 % 1022 mb 0.24 mm/h
Mo. Feb. 17 9:00 pm
Wetter-Symbol
1° | 7°°C 0 mm 0% 7 mph 78 % 1022 mb 0 mm/h
Di. Feb. 18 9:00 pm
Wetter-Symbol
1° | 8°°C 0 mm 0% 8 mph 70 % 1022 mb 0 mm/h
Mi. Feb. 19 9:00 pm
Wetter-Symbol
4° | 10°°C 0 mm 0% 7 mph 94 % 1020 mb 0 mm/h
Today 9:00 pm
Wetter-Symbol
2° | 3°°C 1 mm 100% 7 mph 87 % 1019 mb 0 mm/h
Tomorrow 12:00 am
Wetter-Symbol
2° | 3°°C 1 mm 100% 7 mph 89 % 1019 mb 0.24 mm/h
Tomorrow 3:00 am
Wetter-Symbol
2° | 3°°C 0 mm 0% 6 mph 89 % 1019 mb 0 mm/h
Tomorrow 6:00 am
Wetter-Symbol
2° | 2°°C 0 mm 0% 6 mph 88 % 1020 mb 0 mm/h
Tomorrow 9:00 am
Wetter-Symbol
3° | 3°°C 0 mm 0% 8 mph 80 % 1020 mb 0 mm/h
Tomorrow 12:00 pm
Wetter-Symbol
4° | 4°°C 0 mm 0% 10 mph 69 % 1021 mb 0 mm/h
Tomorrow 3:00 pm
Wetter-Symbol
4° | 4°°C 0 mm 0% 9 mph 64 % 1021 mb 0 mm/h
Tomorrow 6:00 pm
Wetter-Symbol
3° | 3°°C 0 mm 0% 8 mph 69 % 1021 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€93,015.07
-0.14%
Ethereum(ETH)
€2,571.14
-1.25%
XRP(XRP)
€2.62
-1.12%
Fesseln(USDT)
€0.95
-0.02%
Solana(SOL)
€185.25
-3.42%
USDC(USDC)
€0.95
0.00%
Dogecoin(DOGE)
€0.258988
-1.40%
Shiba Inu(SHIB)
€0.000015
-2.72%
Pepe(PEPE)
€0.000010
-4.40%
Nach oben scrollen