Security News > 2021 > March > Adobe Fixes Critical ColdFusion Flaw in Emergency Update

Adobe Fixes Critical ColdFusion Flaw in Emergency Update
2021-03-22 15:49

In an unscheduled security update, Adobe is warning of a critical security flaw in its ColdFusion platform, used for building web applications.

Further information on the flaw - including where in ColdFusion it exists, and how difficult it is to exploit, were not addressed; Threatpost has reached out to Adobe for further comment.

The flaw has been corrected in the following versions of ColdFusion: ColdFusion 2016, ColdFusion 2018 and ColdFusion 2021.

Adobe said the security update is a "Priority 2," meaning that it resolves vulnerabilities "In a product that has historically been at elevated risk" - but for which there are currently no known exploits.

"As a best practice, Adobe recommends administrators install the update soon."

In 2019, Adobe issued unscheduled security updates to fix two critical flaws in its ColdFusion product.


News URL

https://threatpost.com/adobe-critical-coldfusion-flaw-update/164946/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Adobe 112 77 1333 1988 640 4038