Adobe ColdFusion Security Updates - 20230327003¶
Overview¶
Adobe has released security updates for ColdFusion versions 2021 and 2018. These updates resolve critical and important vulnerabilities that could lead to arbitrary code execution and memory leak.
What is the vulnerability?¶
CVE-2023-26359 - CVSS v3 Base Score: 9.8
CVE-2023-26360 - CVSS v3 Base Score: 8.6
CVE-2023-26361 - CVSS v3 Base Score 4.9
What is vulnerable?¶
The vulnerability affects the following products:
- ColdFusion versions:
- 2018 (Update 15 and earlier versions)
- 2021 (Update 5 and earlier versions)
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices: