Fortinet has noted growing threat exploitation aimed at the web development platform Adobe ColdFusion. This is in spite of Adobe releasing a number of security upgrades (APSB23-40, APSB23-41, and APSB23-47) in response to reports of multiple serious flaws in its platform in July. The deserialization of untrusted data by the Web Distributed Data eXchange (WDDX) data that is a component of some requests to ColdFusion, however, is one of the vulnerabilities that Fortinet’s FortiGuard Labs IPS telemetry data has continued to identify numerous attempts to attack after those updates.
