Adobe released security updates addressing vulnerabilities affecting unpatched ColdFusion software. Exploitation of some of these vulnerabilities may allow a malicious cyber actor to take control of an affected system.
CERT Bulgaria urges organizations to review Adobe ColdFusion security bulletin APSB23-52 for more information and to:
– Apply the recommended updates in APSB23-52;
– Follow Adobe recommendations on ColdFusion hardening (ColdFusion 2023 Lockdown Guide and ColdFusion 2021 Lockdown Guide);
– Consider adding a web application firewall (WAF) filter for CFIDE for external users.