Adobe Releases Security Updates for ColdFusion [APSB19-47]

Adobe has released security updates for ColdFusion versions 2018 and 2016. These updates resolve two critical and one important vulnerability that could lead to arbitrary code execution.   

Affected Versions

ProductAffected VersionsPlatform
ColdFusion 2018Update 4 and earlier versionsAll
ColdFusion 2016Update 11 and earlier versionsAll

In order to resolve these issues Adobe recommends that you update Adobe ColdFusion 2018 to Update 5 and Adobe ColdFusion 2016 to update 12.

Vulnerability Details

CVE-2019-8072 – Security bypass (Information Disclosure)

CVE-2019-8073 – Command Injection via Vulnerable component (Arbitrary code execution)

CVE-2019-8074 – Path Traversal Vulnerability (Access Control Bypass)

Adobe reference – APSB19-47

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: