Adobe Systems released hotfixes for a critical information disclosure vulnerability affecting ColdFusion versions 10 and 11 on all platforms, officials said.
The flaw (CVE-2016-4264) occurs during the parsing of crafted XML entities, according to an Adobe security bulletin.
Adobe has classified the threat as “Priority 2,” meaning the product has historically been at an elevated risk of attack, although an exploit is not likely imminent.
To resolve the issue, Adobe advised its customers to install Update 10 for ColdFusion 11 and Update 21 for ColdFusion 10, and to follow all recommended security configuration settings.
The ColdFusion 2016 release does not suffer from the vulnerability, Adobe said.