Adobe Releases Security Updates for ColdFusion

Adobe has released security updates to address a vulnerability in ColdFusion versions 10, 11 and the 2016 release. Exploitation of this vulnerability can allow a remote attacker to take control of an affected website through a cross-site scripting attack.

Threat ID:: CC-1369
Category:
Threat Severity:: Low
Threat Vector:
Published:: 27 April 2017 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Affected platforms

The following platforms are known to be affected:

Adobe ColdFusion 2016

ColdFusion (2016 release) Update 3 and earlier
ColdFusion 11 Update 11 and earlier
ColdFusion 10 Update 22 and earlier

Adobe ColdFusion 11

Threat details

Exploitation of this vulnerability can allow a remote attacker to take control of an affected website through a cross-site scripting attack. These updates also include an updated version of Apache BlazeDS to mitigate java deserialization.

Remediation steps

Type	Step
	Users and administrators are encouraged to review Adobe Security Bulletin APSB17-14 and apply the necessary updates.

Last edited: 17 February 2020 11:25 am