Adobe released security updates for three vulnerabilities in ColdFusion. Two of these vulnerabilities are rated as Critical as they allow code execution and can bypass access controls. The other is an labeled critical as it allows information disclosure.
The more critical issue is the code execution vulnerability as it could potentially allow for the takeover of a server.
The vulnerabilities details can be seen below:
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Security bypass | Information Disclosure | Important | CVE-2019-8072 |
| Command Injection via Vulnerable component | Arbitrary code execution | Critical | CVE-2019-8073 |
| Path Traversal Vulnerability | Access Control Bypass | Critical | CVE-2019-8074 |
To resolve these vulnerabilities, Adobe suggests that users update to…
Source link
