Adobe ColdFusion Remote Code Execution Vulnerability (CVE-2021-21087)
Mar 25, 2021 GMT+08:00
Adobe has officially disclosed the ColdFusion remote code execution vulnerability (CVE-2021-21087). In certain ColdFusion versions, attacks can exploit input verification defects to remotely execute code.
Adobe ColdFusion is a commercial rapid web-application development computing platform. If you are an Adobe ColdFusion user, check your service version and implement timely security hardening.
For more information about this vulnerability, visit the following website:
(Severity: low, moderate, important, and critical)
III. Affected Products
Adobe ColdFusion 2021: Version 2021.0.0.323925 and earlier
Adobe ColdFusion 2018: Version Update 10 and earlier
Adobe ColdFusion 2016: Version Update 16 and earlier
Adobe ColdFusion 2021 Update 1
Adobe ColdFusion 2018 Update 11
Adobe ColdFusion 2016 Update 17
IV. Vulnerability Handling
This vulnerability has been fixed in the latest official version. If your service version falls into the affected range, upgrade it to the latest secure version.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.