“Based on previous experience, we do not anticipate exploits are imminent,” for “priority 2” updates, said Adobe.
#Adobe coldfusion 11 update
See below for the updated versions.Īdobe said the security update is a “priority 2,” meaning that it resolves vulnerabilities “in a product that has historically been at elevated risk” – but for which there are currently no known exploits. The flaw has been corrected in the following versions of ColdFusion: ColdFusion 2016 (update 17), ColdFusion 2018 (update 11) and ColdFusion 2021 (update 1).
Further information on the flaw – including where in ColdFusion it exists, and how difficult it is to exploit, were not addressed Threatpost has reached out to Adobe for further comment. This can affect the control flow or data flow of a program, and allow for an attacker to launch a slew of malicious attacks. The vulnerability stems from improper input validation, which is a type of issue ( previously plaguing other Adobe products) that occurs when the affected product does not validate input. “Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates,” according to Adobe on Monday.
#Adobe coldfusion 11 code
The latest flaw ( CVE-2021-21087) exists in ColdFusion versions 2016 (Update 16 and earlier), 2018 (Update 10 and earlier) and 2021 (Version 2021.25), and could lead to arbitrary code execution.
During these updates, the tech company issued patches for a slew of critical security vulnerabilities, which, if exploited, could allow for arbitrary code execution on vulnerable Windows systems. The security alert comes two weeks after Adobe’s regularly-scheduled updates. In an unscheduled security update, Adobe is warning of a critical security flaw in its ColdFusion platform, used for building web applications.
0 kommentar(er)
