Mitigation Instructions for Adobe ColdFusion CVE-2023-29300
SUBJECT: CVE-2023-29300: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability - Detailed Mitigation Guide
CyRisk Vulnerability Management Team : Feb 23, 2024 4:41:49 PM
SUBJECT: Mitigation for Ivanti Connect Secure and Policy Secure Command Injection Vulnerability (CVE-2024-21887)
TECH STACK: Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x)
DATE(S) ISSUED: 01/12/2024
NVD Last Modified: 01/22/2024
CRITICALITY: HIGH (CVSS Score: 9.1)
OVERVIEW:
This vulnerability affects Ivanti Connect Secure and Policy Secure versions 9.x and 22.x. It allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance, potentially compromising data, installing backdoors, or launching further attacks.
SOLUTION/MITIGATION:
Immediate Action:
Additional Protective Measures:
Confirmation & Additional Information:
REFERENCES: