Adobe has released security patches to address a critical vulnerability in Adobe ColdFusion that could be exploited by attackers to execute arbitrary code on vulnerable systems. The issue, tracked as CVE-2021-21087, is caused by improper input validation.
“Adobe has released security updates for ColdFusion versions 2021, 2016 and 2018. These updates resolve a critical vulnerability that could lead to arbitrary code execution.” reads the advisory published by the software giant.
The flaw affects ColdFusion 2016 Update 16 and earlier versions, ColdFusion 2018 Update 10 and earlier versions, and ColdFusion 2021 version 2021.0.0.323925.
Adobe recommends updating the ColdFusion JDK/JRE to the latest LTS release of JDK 1.8 or JDK 11, and points out that installing the ColdFusion update without a corresponding JDK update will NOT secure the server.
The software giant also recommends customers apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guides.
The vulnerability was reported by Josh Lane. The company confirmed that it is now aware of attacks in the wild exploiting the CVE-2021-21087 vulnerability.