Adobe has released an urgent patch for a potentially dangerous security vulnerability in Adobe ColdFusion, the platform used for building and deploying mobile and web apps.
“These updates resolve a critical vulnerability that could lead to arbitrary code execution,” Adobe said in an advisory issued on Monday.
The security updates are available for ColdFusion versions 2021 (including version 2021.0.0.323925), 2016 and 2018.
Adobe said it has not observed signs of in-the-wild exploitation targeting the new CVE-2021-20187 vulnerability.
According to Adobe’s advisory, the vulnerability is described as “improper input validation” that could lead to arbitrary remote code execution.
The company recommends that users update the ColdFusion JDK/JRE to the latest version of the LTS releases for 1.8 and JDK 11. “Applying the ColdFusion update without a corresponding JDK update will NOT secure the server,” Adobe warned.
The company also published security configuration settings and lockdown guides for ColdFusion deployments.
