Mitigation Instructions for Adobe ColdFusion CVE-2023-29300
SUBJECT: CVE-2023-29300: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability - Detailed Mitigation Guide
CyRisk Vulnerability Management Team : Feb 7, 2024 10:56:13 AM
SUBJECT: Urgent Mitigation Required: Ivanti Connect Secure, Policy Secure, and Neurons for ZTA - Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-21893)
TECH STACK: Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x), Ivanti Neurons for ZTA
DATE(S) ISSUED: 01/31/2024
NVD Last Modified: 01/31/2024
CRITICALITY: HIGH (CVSS score: 8.2)
OVERVIEW:
A critical Server-Side Request Forgery (SSRF) vulnerability (CVE-2024-21893) has been identified in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA versions 9.x and 22.x. This vulnerability allows an attacker to access certain restricted resources without authentication, potentially compromising the entire system.
SOLUTION:
Immediate Action:
Confirmation & Additional Information:
Additional Recommendations:
REFERENCES:
Third Party Advisories: