Adobe ColdFusion Multiple Vulnerabilities

Multiple vulnerabilities were identified in Adobe ColdFusion. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, cross-site scripting and data manipulation on the targeted system.

 

Note:

An XSS (cross-site scripting) vulnerability has been identified in Adobe ColdFusion.

A Java deserialization vulnerability has been identified in Adobe ColdFusion.

 

RISK: Extremely High Risk

TYPE: Web services – Web Servers

TYPE: Web Servers

Impact

  • Cross-Site Scripting
  • Data Manipulation
  • Remote Code Execution

System / Technologies affected

  • ColdFusion (2016 release) Update 3 and earlier versions
  • ColdFusion 11 Update 11 and earlier versions  
  • ColdFusion 10 Update 22 and earlier versions  

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to ColdFusion (2016 release) Update 4 or later
  • Update to ColdFusion 11 Update 12 or later
  • Update to ColdFusion 10 Update 23 or later

Vulnerability Identifier


Source


Related Link
