Critical deserialization bugs in Adobe, Oracle software actively exploited, warns CISA

In a 2018 blog post, Code White researchers detailed vulnerabilities in Adobe ColdFusion (versions 11 and 12), focusing on deserialization issues within the Action Message Format (AMF) that ColdFusion uses for data exchange. They had discovered that, before CVE-2017-3066, ColdFusion lacked class whitelisting, allowing attackers to exploit java.io.Externalizable for remote code execution.

CISA did not disclose specific details of exploitation for security reasons, warning all organizations to…

Article Source
https://www.csoonline.com/article/3832453/critical-deserialization-bugs-in-adobe-oracle-software-actively-exploited-warns-cisa.html
