Bruin Learn access is restored. UCLA Digital and Technology Solutions and Bruin Learn administrators are continuing to monitor for delays or unexpected issues with the restoration of UCLA’s Canvas environment. If you continue to experience any issues with Bruin Learn, please reach out to BruinLearn-Support@it.ucla.edu

Patch Now: Adobe ColdFusion

Roozbeh Kavian
April 11, 2023
Security Advisory

UCLA Information Security Office would like to inform you of a critical vulnerability (CVE-2023-26360) discovered and actively exploited in Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier), which can result in privilege escalation and remote code execution when exploited.

We strongly urge all campus operators to immediately patch the servers on critical infrastructure and systems that are publicly facing the Internet.

Please visit the below links for additional details

Information Security is reviewing threat and indicator intelligence to enrich the campus security instrumentation for detection and alerting on any indicators related to this exploitation. If you have any questions or concerns regarding this exploit, please contact us at security[@]ucla.edu.

Patch Now: Adobe ColdFusion

Bruin Learn Access Restored

Security Incident at Instructure (Canvas)

Linux Kernel Local Privilege Escalation Vulnerability (Copy Fail)

Action Required: New Logon Security Protocols to Access UCPath

Beware of Impersonation and Social Engineering During Emergencies