Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
2023-07-20T16:15:12.180
2025-10-23T11:13:14.557
Analyzed
CVSSv3.1: 9.8 (CRITICAL)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |