Application Security

Adobe Patches Critical ColdFusion Security Flaw

Adobe has released an urgent patch for a potentially dangerous security vulnerability in Adobe ColdFusion, the platform used for building and deploying mobile and web apps.

SecurityWeek News

March 22, 2021

Adobe has released an urgent patch for a potentially dangerous security vulnerability in Adobe ColdFusion, the platform used for building and deploying mobile and web apps.

“These updates resolve a critical vulnerability that could lead to arbitrary code execution,” Adobe said in an advisory issued on Monday.

The security updates are available for ColdFusion versions 2021 (including version 2021.0.0.323925), 2016 and 2018.

Adobe said it has not observed signs of in-the-wild exploitation targeting the new CVE-2021-20187 vulnerability.

According to Adobe’s advisory, the vulnerability is described as “improper input validation” that could lead to arbitrary remote code execution.

The company recommends that users update the ColdFusion JDK/JRE to the latest version of the LTS releases for 1.8 and JDK 11. “Applying the ColdFusion update without a corresponding JDK update will NOT secure the server,” Adobe warned.

The company also published security configuration settings and lockdown guides for ColdFusion deployments.

Advertisement. Scroll to continue reading.

Written By SecurityWeek News

Latest News

Click to comment

CIEM Chat: How to Reduce Cloud Identity Risk

March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Virtual Event: Ransomware Resilience & Recovery Summit

April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

You Against the World: The Offenders Dilemma

Foreign attackers have many more toolsets at their disposal, so we need to make sure we’re selective about our modeling, preparation and how we assess and fortify ourselves. (Tom Eston)

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

With automated, detailed, contextualized threat intelligence, organizations can better anticipate malicious activity and utilize intelligence to speed detection around proven attacks. (Marc Solomon)

Know Your Audience When Speaking to Security Practitioners

How can security practitioners make sense of the vendor landscape and separate those who talk a good game from those who can execute, perform, and solve real problems for enterprises? (Joshua Goldfarb)

Cybersecurity Mesh: Overcoming Data Security Overload

A significant cybersecurity challenge arises from managing the immense volume of data generated by numerous IT security tools, leading organizations into a reactive rather than proactive approach. (Torsten George)

The OODA Loop: The Military Model That Speeds Up Cybersecurity Response

The OODA Loop can be used both by defenders and incident responders for a variety of use cases such as threat assessment, threat monitoring, and threat hunting. (Etay Maor)

Vulnerabilities

Full Disclosure List Gets a Fresh Start – Reborn Under New Operator

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

SecurityWeek NewsMarch 26, 2014

Application Security

Source Code Security Firm Cycode Launches With $4.6 Million in Funding

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Eduard KovacsSeptember 24, 2019

Cybercrime

Comodo Forums Hacked via Recently Disclosed vBulletin Vulnerability

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Eduard KovacsOctober 1, 2019

Cybercrime

Cyber Insights 2023 | Ransomware

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Kevin TownsendFebruary 2, 2023

Quantum computing and the cryptopocalypse

Data Protection

Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Kevin TownsendFebruary 2, 2023

Zero Trust and Identity and Access Management

Identity & Access

Cyber Insights 2023 | Zero Trust and Identity and Access Management

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Kevin TownsendFebruary 6, 2023

Data Breaches

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Eduard KovacsMarch 28, 2023

Artificial Intelligence

AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Kevin TownsendFebruary 21, 2023

SECURITYWEEK NETWORK:

ICS:

SecurityWeek

Application Security

Adobe Patches Critical ColdFusion Security Flaw

More from SecurityWeek News

Latest News

Trending

CIEM Chat: How to Reduce Cloud Identity Risk

Virtual Event: Ransomware Resilience & Recovery Summit

People on the Move

Expert Insights

You Against the World: The Offenders Dilemma

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

Know Your Audience When Speaking to Security Practitioners

Cybersecurity Mesh: Overcoming Data Security Overload

The OODA Loop: The Military Model That Speeds Up Cybersecurity Response

Related Content

Vulnerabilities

Full Disclosure List Gets a Fresh Start – Reborn Under New Operator

Application Security

Source Code Security Firm Cycode Launches With $4.6 Million in Funding

Cybercrime

Comodo Forums Hacked via Recently Disclosed vBulletin Vulnerability

Cybercrime

Cyber Insights 2023 | Ransomware

Data Protection

Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse

Identity & Access

Cyber Insights 2023 | Zero Trust and Identity and Access Management

Data Breaches

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

Artificial Intelligence

AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm

SECURITYWEEK NETWORK:

ICS:

More from SecurityWeek News

Latest News

Trending

Daily Briefing Newsletter

CIEM Chat: How to Reduce Cloud Identity Risk

Virtual Event: Ransomware Resilience & Recovery Summit

People on the Move

Expert Insights

You Against the World: The Offenders Dilemma

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

Know Your Audience When Speaking to Security Practitioners

Cybersecurity Mesh: Overcoming Data Security Overload

The OODA Loop: The Military Model That Speeds Up Cybersecurity Response

Related Content

Vulnerabilities

Full Disclosure List Gets a Fresh Start – Reborn Under New Operator

Application Security

Source Code Security Firm Cycode Launches With $4.6 Million in Funding

Cybercrime

Comodo Forums Hacked via Recently Disclosed vBulletin Vulnerability

Cybercrime

Cyber Insights 2023 | Ransomware

Data Protection

Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse

Identity & Access

Cyber Insights 2023 | Zero Trust and Identity and Access Management

Data Breaches

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

Artificial Intelligence

AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm