CVSS 3.1 Score 9.8 of 10 (high)


Published Nov 17, 2023
Updated: Nov 23, 2023
CWE ID 502


CVE-2023-44350 is a vulnerability affecting Adobe ColdFusion versions 2023.5 and earlier, as well as 2021.11 and earlier. The vulnerability is categorized as a Deserialization of Untrusted Data vulnerability, which could lead to arbitrary code execution. It is important to note that exploitation of this vulnerability does not require user interaction. The affected products include a wide range of Adobe ColdFusion versions (eZkUGX, r4hA-G, r4hA-F, eZkUGY, QtqZe9, QtqZe-, QtqZe4, QtqZe6, QtqZe3, RgAzMp, apT995, apT994, apT997, apT996, apT999, apT998, apT99_, apT99-, apT99z, apT99y, apT991, apT990, apT993...). Organizations should promptly apply the necessary patches or updates provided by Adobe to remediate this vulnerability. Failure to do so could result in arbitrary code execution with high impact on confidentiality and integrity.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-44350 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options