Adobe ColdFusion Critical Vulnerability patched

This update covers ColdFusion 2021 Update 1, ColdFusion 2018 Update 11 and earlier versions, and ColdFusion 2016 Update 16 and earlier versions. Administrators must update the ColdFusion JDK/JRE to the latest LTS release before applying the current patch for CVE-2021-21087, as Adobe states: “Adobe recommends updating your ColdFusion JDK/JRE to the latest version of the LTS releases for 1.8 and JDK 11. Applying the ColdFusion update without a corresponding JDK update will NOT secure the server.”
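A check an administrator can run before patching, as an added example that is not from Adobe's advisory: it reads the java.home path from the instance's cfusion/bin/jvm.config (the ColdFusion JVM settings file) and compares the JDK version that JVM reports against a minimum the administrator supplies from Adobe's current JDK guidance. The minimum-version value in the usage comment is a placeholder, not a figure from the advisory.

```shell
#!/bin/sh
# Added example (not Adobe's code): confirm which JDK/JRE a ColdFusion instance
# actually runs before applying the CVE-2021-21087 update, since the patch
# without a current JDK does not secure the server.
# Assumption: the instance's cfusion/bin/jvm.config carries a "java.home=" line.

# Print the java.home path recorded in a jvm.config file (first match only).
jdk_home_from_jvm_config() {
    sed -n 's/^java\.home=//p' "$1" | head -n 1
}

# Reduce a "java -version" banner to a dotted version string so that
# 1.8 builds ("1.8.0_282") and 11 builds ("11.0.10") compare the same way.
parse_java_version() {
    printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1 | tr '_' '.'
}

# Return 0 when dotted version $1 is greater than or equal to $2 (numeric per field).
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" \
        | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)" = "$2" ]
}

# Resolve the JDK ColdFusion is configured to use and compare it to the minimum.
# Returns 0 when it meets the minimum, 1 when it does not, 2 when java.home is missing.
check_coldfusion_jdk() {
    jvm_config=$1
    min_version=$2
    home=$(jdk_home_from_jvm_config "$jvm_config")
    [ -n "$home" ] || { echo "no java.home line in $jvm_config" >&2; return 2; }
    banner=$("$home/bin/java" -version 2>&1 | head -n 1)
    have=$(parse_java_version "$banner")
    if version_ge "$have" "$min_version"; then
        echo "OK: ColdFusion JDK $have meets minimum $min_version ($home)"
    else
        echo "UPDATE JDK FIRST: $have is below $min_version ($home)" >&2
        return 1
    fi
}

# Usage (minimum version is a placeholder; take the real one from Adobe's guidance):
#   check_coldfusion_jdk /opt/coldfusion2021/cfusion/bin/jvm.config 11.0.10
```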
CVE-2021-21087 is an “Arbitrary code execution” vulnerability caused by “Improper Input Validation”.
Since you will likely be spending time on this update anyway, Adobe recommends reviewing the ColdFusion Lockdown Guides and ensuring that ColdFusion is locked down according to the guide for your version:
• ColdFusion 2018 Auto-Lockdown Guide: https://helpx.adobe.com/coldfusion/user-guide.html/coldfusion/using/server-lockdown.ug.html
• ColdFusion 2016 Lockdown Guide: https://wwwimages.adobe.com/content/dam/acom/en/products/coldfusion/pdfs/coldfusion-2016-lockdown-guide.pdf
• ColdFusion 2021 Lockdown Guide: https://www.adobe.com/content/dam/cc/us/en/products/coldfusion/pdfs/cf-starter-kits/coldfusion-2021-lockdown-guide-1.1.pdf
Adobe provides documentation on how to update ColdFusion and how to apply the latest fix; the same documentation also lists what each of the latest patches fixes.
Adobe rates this update as Priority 2, which Adobe defines as: “This update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits. Based on previous experience, we do not anticipate exploits are imminent. As a best practice, Adobe recommends administrators install the update soon (for example, within 30 days)”.
Adobe credits Josh Lane with discovering and reporting the vulnerability documented in CVE-2021-21087.

Sources:
https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html
https://helpx.adobe.com/security/severity-ratings.html
https://helpx.adobe.com/coldfusion/kb/coldfusion-2016-update-17.html
https://helpx.adobe.com/coldfusion/kb/coldfusion-2018-update-11.html
https://helpx.adobe.com/coldfusion/kb/coldfusion-2021-update-1.html