HackDig : Dig high-quality web security articles

Adobe addresses a critical vulnerability in ColdFusion product

2021-03-22 19:00

Adobe has released security updates to address a critical vulnerability in the ColdFusion product (versions 2021, 2016, and 2018) that could lead to arbitrary code execution. 

Adobe has released security patches to address a critical vulnerability in Adobe ColdFusion that could be exploited by attackers to execute arbitrary code on vulnerable systems. The issue, tracked as CVE-2021-21087 is caused by improper input validation.

“Adobe has released security updates for ColdFusion versions 2021, 2016 and 2018. These updates resolve a critical  vulnerability that could lead to arbitrary code execution. ” reads the advisory published by the software giant.

The flaw affects ColdFusion 2016 Update 16 and earlier version, all ColdFusion 2018 Update 10, and earlier versions All ColdFusion 2021 Version 2021.0.0.323925.

Adobe recommends updating your ColdFusion JDK/JRE to the latest version of the LTS releases for 1.8 and JDK 11, it pointed out that installing the ColdFusion update without a corresponding JDK update will NOT secure the server.  

The software giant also recommends customers apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guides.    

The vulnerability was reported by Josh Lane, the company confirmed that it is now aware of attacks in the wild exploiting the CVE-2021-20187 vulnerability.  

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Coldfusion)

The post Adobe addresses a critical vulnerability in ColdFusion product appeared first on Security Affairs.


Source: ;830#&ssr=ecruos_mtu?lmth.walf-noisufdloc-eboda/ytiruces/468511/sserpdrow/oc.sriaffaytiruces

“Adobe addresses a critical vulnerability in ColdFusion product”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud