Adobe Patches Critical Command Injection, Path Traversal Flaws in ColdFusion

5 years ago
September 24, 2019
0 replies
20 views

+54

Jasper_The_Rasper
Moderator
11535 replies

By Eduard Kovacs on September 24, 2019

Updates released by Adobe on Tuesday for its ColdFusion web application development platform address three vulnerabilities, including two that have been classified “critical.”

ColdFusion 2016 Update 12 and ColdFusion 2018 Update 5 fix a critical path traversal vulnerability that can be exploited to bypass access controls (CVE-2019-8074), and a critical command injection flaw that can be leveraged for arbitrary code execution (CVE-2019-8073).

The last security hole, described by Adobe as a security bypass that can lead to information disclosure, was assigned an “important” severity rating.

Full Article.

Be the first to reply!

Reply

Related Topics

Adobe warns of critical ColdFusion bug with PoC exploit code

Adobe Patches Critical Vulnerabilities in Media Encoder, Download Manager

Adobe Patches Code Execution Flaws in Connect, Creative Cloud, Framemaker

HPE warns of critical RCE flaws in Aruba Networking access points

Ivanti patches new zero-day exploited in Norwegian govt attacks

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded