From threatpost.com
Overall, Adobe released three patches – one for an “important” flaw and two for critical flaws –in the 2016 and 2018 versions of ColdFusion.
Adobe has issued an unscheduled security update that fixes two critical flaws in its ColdFusion product. The critical vulnerabilities could enable an attacker to either execute arbitrary code or bypass access control on impacted systems.
Overall, Adobe released three patches – one for an “important” flaw and two for critical flaws –in the 2016 and 2018 versions of the ColdFusion commercial rapid web-application development platform.
“Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin,” said Adobe in its Tuesday alert.