ColdFusion 2018- update 4 and previous versions and ColdFusion 2016- update 11 and previous versions have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe coldfusion 2018 |
||
adobe coldfusion 2016 |
While you're at it, fix Java too It is with a heavy heart that we must report that your software has bugs and needs patching: Microsoft, Adobe, SAP, Intel emit security fixes
Adobe has released an update to clean up a trio of vulnerabilities in ColdFusion, its long-running web application platform. The security update addresses three CVE-listed vulnerabilities discovered in both ColdFusion 2016 and ColdFusion 2018. Two of the bugs open up the software to critical remote code execution risks, while the third flaw allows less serious information disclosure. The first of the critical bugs has been assigned CVE-2019-8073. The flaw is described as a command injection issu...