CERT-In Vulnerability Note
Security Feature Bypass Vulnerabilities in Adobe ColdFusion
Original Issue Date: September 21, 2021
Severity Rating: HIGH
- Adobe ColdFusion 2018 Update 11 and earlier versions
- Adobe ColdFusion 2021 version 1 and earlier versions
Security feature bypass vulnerabilities have been reported in Adobe ColdFusion that an attacker could exploit to bypass security restrictions and gain unauthorized access to the targeted system.
These vulnerabilities exist in Adobe ColdFusion due to the use of dangerous code and improper access restrictions. An attacker could exploit these vulnerabilities by sending a specially crafted request to gain unauthorized access to the application.
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on the targeted system.
Apply appropriate patches as mentioned in the following links:
The information provided herein is on an "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003