Adobe Releases Security Updates for ColdFusion [APSB19-47]
Adobe has released security updates for ColdFusion versions 2018 and 2016. These updates resolve two critical and one important vulnerability that could lead to arbitrary code execution.
Affected Versions
| Product | Affected Versions | Platform |
|---|---|---|
| ColdFusion 2018 | Update 4 and earlier versions | All |
| ColdFusion 2016 | Update 11 and earlier versions | All |
In order to resolve these issues Adobe recommends that you update Adobe ColdFusion 2018 to Update 5 and Adobe ColdFusion 2016 to update 12.
Vulnerability Details
CVE-2019-8072 – Security bypass (Information Disclosure)
CVE-2019-8073 – Command Injection via Vulnerable component (Arbitrary code execution)
CVE-2019-8074 – Path Traversal Vulnerability (Access Control Bypass)
Adobe reference – APSB19-47
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.