Wednesday, September 12, 2018

Adobe Issues ColdFusion Software Update for 6 Critical Vulnerabilities



Adobe has released its September 2018 security updates, patching a total of 10 vulnerabilities in Flash Player and ColdFusion. Six of them, all affecting ColdFusion, are rated critical and could allow attackers to remotely execute arbitrary code on a vulnerable server.

A Total of 9 Security Patches for Adobe ColdFusion


Adobe has addressed a total of nine security vulnerabilities in its ColdFusion web application development platform, six of which are critical, two important and one moderate.

According to the advisory released by Adobe, ColdFusion contained four critical deserialization of untrusted data vulnerabilities (CVE-2018-15965, CVE-2018-15957, CVE-2018-15958, CVE-2018-15959) that could result in arbitrary code execution.

Of the remaining two critical vulnerabilities addressed in ColdFusion, one is an unrestricted file upload flaw (CVE-2018-15961) that could lead to arbitrary code execution, and the other (CVE-2018-15960) could enable arbitrary file overwrite.

The company has also released patches for two "important" security vulnerabilities in ColdFusion: a security bypass glitch (CVE-2018-15963) that allows arbitrary folder creation, and a directory listing flaw (CVE-2018-15962) that could enable information disclosure. It also fixed a moderate information disclosure bug (CVE-2018-15964).

The vulnerabilities impact ColdFusion 2016 (Update 6 and earlier versions) and the July 12 (2018) release of ColdFusion, along with ColdFusion 11 (Update 14 and earlier versions).

Adobe recommends that end users and administrators update their installations to ColdFusion 2018 Update 1, ColdFusion 2016 Update 7, and ColdFusion 11 Update 15.


Adobe Also Patches an Important Flaw in Flash Player


Besides ColdFusion, Adobe also released a security update for Flash Player for Windows, macOS, Linux, and Chrome OS, addressing an "important" flaw affecting versions 30.0.0.154 and earlier for Google Chrome, Desktop Runtime, Microsoft Edge and Internet Explorer 11.

The issue is a privilege escalation vulnerability (CVE-2018-15967) that could lead to information disclosure. The company recommends that Flash Player users update to version 31.0.0.208 as soon as possible.
