Security News > 2021 > March > Adobe Patches Critical ColdFusion Security Flaw
Adobe has released an urgent patch for a potentially dangerous security vulnerability in Adobe ColdFusion, the platform used for building and deploying mobile and web apps.
"These updates resolve a critical vulnerability that could lead to arbitrary code execution," Adobe said in an advisory.
The security updates are available for ColdFusion versions 2021, 2016 and 2018.
The company recommends that users update the ColdFusion JDK/JRE to the latest version of the LTS releases for 1.8 and JDK 11.
"Applying the ColdFusion update without a corresponding JDK update will NOT secure the server," Adobe warned.
The company also published security configuration settings and lockdown guides for ColdFusion deployments.
News URL
Related news
- Food security: Accelerating national protections around critical infrastructure (source)
- GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges (source)
- Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues (source)
- Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress (source)
- 80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year (source)
- MFA bypass becomes a critical security issue as ransomware tactics advance (source)
- HPE patches three critical security holes in Aruba PAPI (source)
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)