FlagThis - #deserialization

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities affect Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM), posing significant risks to organizations. The advisory issued by CISA strongly urges immediate remediation to mitigate the threat of potential exploitation.

These vulnerabilities include CVE-2017-3066 in Adobe ColdFusion and CVE-2024-20953 in Oracle Agile PLM. The agency has set a deadline of March 17, 2025, for federal agencies to secure their networks against these flaws. Active exploitation attempts have been reported, highlighting the urgency of applying necessary updates.


References :

• Talkback Resources: Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA [exp] [net]
• thecyberexpress.com: CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities
• cyble.com: Overview The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog.
• Talkback Resources: Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA [exp] [net]

Classification:

• HashTags: #CISA #Vulnerabilities #AdobeColdFusion
• Company: Microsoft
• Target: Organizations using Adobe ColdFusion and Oracle Agile PLM
• Product: Adobe ColdFusion, Oracle Agile PLM
• Feature: deserialization
• Type: Vulnerability
• Severity: Medium