Summary
A security vulnerability with a severity of “high” has been patched in Adobe ColdFusion, a web development platform for creating dynamic and interactive applications. If exploited, this vulnerability could allow an attacker to read arbitrary files on affected systems.
Note: The vendor states that a Proof of Concept (PoC) for exploiting the vulnerability is available online.
Risk
Estimate of the impact of the vulnerability on the reference community: Critical (76.15)
Type
- Arbitrary File Read
Affected products and/or versions
- ColdFusion 2023, Update 11 and earlier
- ColdFusion 2021, Update 17 and earlier
Mitigation actions
In line with the vendor’s statements, it is recommended to update the vulnerable products by following the instructions in the security bulletin listed in the References section.
References
https://helpx.adobe.com/security/products/coldfusion/apsb24-107.html
1 This estimate takes several parameters into account, including CVSS, the availability of patches/workarounds and of a PoC, and the prevalence of the affected software/devices in the reference community.