Service Notices
Adobe ColdFusion Remote Code Execution Vulnerability (CVE-2021-21087)
Mar 25, 2021 GMT+08:00
I. Overview
Adobe has officially disclosed the ColdFusion remote code execution vulnerability (CVE-2021-21087). In certain ColdFusion versions, attacks can exploit input verification defects to remotely execute code.
Adobe ColdFusion is a commercial rapid web-application development computing platform. If you are an Adobe ColdFusion user, check your service version and implement timely security hardening.
For more information about this vulnerability, visit the following website:
https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Affected versions:
Adobe ColdFusion 2021: Version 2021.0.0.323925 and earlier
Adobe ColdFusion 2018: Version Update 10 and earlier
Adobe ColdFusion 2016: Version Update 16 and earlier
Secure versions:
Adobe ColdFusion 2021 Update 1
Adobe ColdFusion 2018 Update 11
Adobe ColdFusion 2016 Update 17
IV. Vulnerability Handling
This vulnerability has been fixed in the latest official version. If your service version falls into the affected range, upgrade it to the latest secure version.
Adobe ColdFusion 2021 Update 1
Adobe ColdFusion 2018 Update 11
Adobe ColdFusion 2016 Update 17
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.