Adobe has issued urgent patches to fix a critical security vulnerability in its ColdFusion application server. The issue, tracked as CVE-2024-53961, could allow attackers to achieve arbitrary file system compromise in ColdFusion versions 2021 and 2023.
To protect against this threat, Adobe recommends immediately applying Update 18 and Update 12 for the affected versions. Additionally, users are advised to review Adobe’s updated serial filter documentation.
Proof-of-concept exploit code exists for the vulnerability, which highlights the severity of the issue. ColdFusion developers must take immediate action to patch their servers and update their software to prevent potential attacks.
Source: https://insight.scmagazineuk.com/out-of-band-patches-released-by-adobe-vulnerability