Several vulnerabilities in Adobe ColdFusion have been discovered recently, tracked as CVE-2023-29300, CVE-2023-38205, and CVE-2023-29298. These vulnerabilities, which can be exploited to allow arbitrary code execution and bypass access controls, affect several ColdFusion versions since 2016.
Imperva has seen over 200,000 exploitation attempts since these vulnerabilities were disclosed, beginning on July 11. Attacks are primarily focused on US-based sites and predominantly target the computing, financial services, and business industries. Attacking IPs mostly come from the US and India, with an average of 50,000 attack attempts per day.
All of these vulnerabilities are blocked out of the box by Imperva Cloud WAF. Imperva WAF Gateway customers are automatically protected if they are subscribed to ThreatRadar Emergency Feeds; otherwise, they will need to manually enable the signatures published on the Imperva community site. It is also recommended that all Adobe ColdFusion customers install Adobe’s security updates.
Imperva is also tracking CVE-2023-38204, although exploitation has not been observed in the wild. In the meantime, applying Adobe updates will block this vulnerability.
Imperva is monitoring the situation and will provide updates when possible.