Adobe recently issued a patch for a high-severity vulnerability for ColdFusion versions 2023.11 and 2021.17 and earlier; according to the National Institute of Standards and Technology (NIST), “an attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure
ColdFusion
Patch Adobe ColdFusion Vulnerabilities Being Exploited in the Wild ASAP
By Linn Foster Freedman on
Posted in Cybersecurity
Adobe has issued alerts on three vulnerabilities affecting its ColdFusion product. The first alert, issued on July 11, 2023, announced patches for CVE-2023-29298, an improper access control issue that can lead to a security feature bypass, and CVE-2023-29300, a deserialization issue that can be exploited for arbitrary code execution.
On July 14, Adobe announced patches…