CVSS 3.1 Score 9.8 of 10 (high)


Published Jul 20, 2023
Updated: Jan 9, 2024
CWE ID 502


CVE-2023-38203 is a Deserialization of Untrusted Data vulnerability impacting Adobe ColdFusion versions 2018u17 and earlier, 2021u7 and earlier, and 2023u1 and earlier. This vulnerability could be exploited to execute arbitrary code without user interaction. The affected products include cV-Wi2, r4hA-G, fLY2Qt, cV-Wi3, r4hA-F, eZkUGY, mrhz5e, of2I5C, apT9-Y, ioluzP, mrhz5f, of2I5D, vVeTDg, mrhz5d, suWGLL, suWGLK, suWGLJ,aLhMPf,suWGLN , apT9-X , suWGLM , apT9-W , dSv90b , mrhz5i , epBgys , mrhz5g , mrhz5h , caXFIr. The vulnerability has a base severity rating of CRITICAL with a base score of 9.8. It does not require any privileges or user interaction for exploitation. The impact includes HIGH integrity and confidentiality impacts as well as availability impact. The CVE ID represents the Common Vulnerabilities and Exposures identifier for this specific vulnerability.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-38203 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options