Adobe has released security updates to address critical vulnerabilities (CVE-2023-26359 and CVE-2023-26360) in ColdFusion.
The critical vulnerabilities are:
- CVE-2023-26359: An insecure deserialisation vulnerability could allow a remote attacker to execute arbitrary code.
- CVE-2023-26360: An improper access control vulnerability could allow remote attackers to execute arbitrary code.
The following versions of Adobe ColdFusion are affected:
- ColdFusion 2018 versions 15 and earlier
- ColdFusion 2021 versions 5 and earlier
Users and administrators of affected product versions are advised to update to the latest versions immediately.
More information is available here:
https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html