UCLA Information Security Office would like to inform you of a critical vulnerability (CVE-2023-26360) discovered and actively exploited in Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier), which can result in privilege escalation and remote code execution when exploited.
We strongly urge all campus operators to immediately patch the servers on critical infrastructure and systems that are publicly facing the Internet.
Please visit the below links for additional details
Information Security is reviewing threat and indicator intelligence to enrich the campus security instrumentation for detection and alerting on any indicators related to this exploitation. If you have any questions or concerns regarding this exploit, please contact us at security[@]ucla.edu.