On Nov. 14, 2023, Adobe released security updates addressing vulnerabilities affecting unpatched ColdFusion software. Exploitation of some of these vulnerabilities may allow a malicious cyber actor to take control of an affected system.
CISA urges organizations to review Adobe ColdFusion security bulletin APSB23-52 for more information and to:
- Apply the recommended updates in APSB23-52.
- Follow Adobe recommendations on ColdFusion hardening.
- ColdFusion 2023 Lockdown Guide
- ColdFusion 2021 Lockdown Guide
- Consider adding a web application firewall (WAF) filter for
CFIDEfor external users. - Consider using CISA’s Cybersecurity Incident and Vulnerability Response Playbooks for other actionable steps.