Adobe released updates to address this issue in ColdFusion Update 14 and earlier, ColdFusion Update 4 and earlier, ColdFusion MX Update 14 and earlier, ColdFusion CC Update 14 and earlier, ColdFusion Desktop Update 14 and earlier, ColdFusion Enterprise 9.0.1 and earlier, and ColdFusion Enterprise 8.5.1 and earlier. Adobe recommends upgrading to the most current version of ColdFusion. Adobe ColdFusion versions Update 15 (and later) and Update 16 (and later) are not affected by this issue.

What to do if you are currently using ColdFusion versions Update 14 or earlier

Adobe recommends that you upgrade to a version of ColdFusion that is not affected by this vulnerability. If you are using a version of ColdFusion that is not affected by this vulnerability, please update your software to the most current version. For more information on which versions of ColdFusion are affected, see https://www.adobe.com/security/products/coldfusion/.

Mitigation Strategies

- Use the "CVE-2022-38421" alert to help identify vulnerabilities that may be present in your organization's ColdFusion installations.
- Ensure your ColdFusion installation is up to date with the latest patches.

Adobe has released updates to address this issue. The proposed mitigation strategies are:
- Upgrade to Adobe ColdFusion version Update 15 (and later) or Update 16 (and later).
- Apply the Microsoft Windows patches listed in the Microsoft Security Bulletin MS17-010.

What is the Adobe ColdFusion vulnerability?

A vulnerability exists in ColdFusion versions Update 15 (and later) and Update 16 (and later) that allows an attacker to read files from disk or possibly execute code remotely.
This issue affects the following versions of ColdFusion:
ColdFusion 14.0.0, ColdFusion 14.0.1, ColdFusion 14.0.2, ColdFusion 14.0.3, ColdFusion 14.0.4, ColdFusion 14.1
ColdFusion 15+
ColdFusion MX 9+
ColdFusion 10+
ColdFusion 8+

How to Detect ColdFusion Version and Upgrade to Latest

ColdFusion versions Update 15 (and later) and Update 16 (and later) are not affected by this issue.

Timeline

Published on: 10/14/2022 20:15:00 UTC
Last modified on: 10/14/2022 20:31:00 UTC

References