CISA Activity - Adobe Releases Security Updates for ColdFusion

[CISA]

On Nov. 14, 2023, Adobe released security updates addressing vulnerabilities affecting unpatched ColdFusion software. Exploitation of some of these vulnerabilities may allow a malicious cyber actor to take control of an affected system.

CISA urges organizations to review Adobe ColdFusion security bulletin APSB23-52 for more information and to:

• Apply the recommended updates in APSB23-52.
• Follow Adobe recommendations on ColdFusion hardening. 
  • ColdFusion 2023 Lockdown Guide
  • ColdFusion 2021 Lockdown Guide
• Consider adding a web application firewall (WAF) filter for CFIDE for external users.
• Consider using CISA’s Cybersecurity Incident and Vulnerability Response Playbooks for other actionable steps.

Continue reading...