Cyberattacks on Adobe ColdFusion and Oracle Agile PLM observed
The US IT security authority CISA warns of ongoing attacks on Adobe ColdFusion and Oracle Agile PLM.
The US cybersecurity authority CISA says it has observed attacks on vulnerabilities in Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM). Some of the vulnerabilities are very old, and updates are available.
As usual in CISA's short warnings, the authority only lists the vulnerabilities that it has recently observed, or is currently observing, being attacked. The vulnerability abused by attackers in Adobe ColdFusion concerns the Apache BlazeDS library supplied with the program. It contains an “important” Java deserialization vulnerability (CVE-2017-3066). Adobe has not published any further information on the vulnerability, and there is no classification with a CVSS value either. However, the company already patched it in April 2017 with a hotfix for ColdFusion 10, 11 and 2016.
Oracle Agile PLM vulnerability under attack
The vulnerability in Oracle Agile Product Lifecycle Management (PLM) that is being exploited in the wild, on the other hand, has been known for a year. CISA describes it in its announcement as a deserialization vulnerability, but the vulnerability description itself makes it clear that attackers with HTTP access and low privileges can simply abuse the flaw in Oracle Agile PLM 9.3.6 to completely take over an Oracle Agile PLM instance (CVE-2024-20953, CVSS 8.8, risk “high”).
CISA does not explain how the attacks work or what their scope or impact is. IT managers should update their systems now at the latest.
IT managers can hardly rest: just last weekend, CISA warned of ongoing attacks on Palo Alto Networks PAN-OS and Craft CMS. The vulnerabilities exploited there were much more recent, and those in PAN-OS had only been known for about a week. This shows that admins really do need to install available updates very promptly in order to best protect the networks they manage against cyberattacks.
(dmk)