Adobe Systems released hotfixes for a critical information disclosure vulnerability that exists in ColdFusion versions 10 and 11, across all platforms, officials said.

The flaw (CVE-2016-4264) occurs during the parsing of crafted XML entities, according to an Adobe security bulletin.

Adobe has classified the threat as “Priority 2,” meaning the product has historically been at an elevated risk of attack, although an exploit is not likely imminent.

To resolve the issue, Adobe advised its customers to install Update 10 for ColdFusion 11 and Update 21 for ColdFusion 10, as well as to follow all recommended security configuration settings.

The ColdFusion 2016 release does not suffer from the vulnerability, Adobe said.
