Latest Adobe Security Updates for ColdFusion

We want to increase awareness about security updates and thus are re-posting the security update details from the Adobe ColdFusion Security bulletin.

Adobe ColdFusion Security Updates
Release date: December 23, 2024

Vulnerability Details: Improper Limitation of a Pathname to a Restricted Directory (CWE-22)
Version after update: ColdFusion 2023 Update 12, ColdFusion 2021 – Update 18
Affected Versions: ColdFusion 2023 – Update 11 and earlier versions, ColdFusion 2021 – Update 17 and earlier versions
Addresses: vulnerabilities that are mentioned in the security bulletin APSB23-52


Release date: November 14, 2023

Vulnerability Details: Deserialization of Untrusted Data (CWE-502), Improper Access Control (CWE-284)
Version after update: ColdFusion 2023 Update 6, ColdFusion 2021 – Update 12
Affected Versions: ColdFusion 2023 – Update 5, ColdFusion 2021 – Update 11 and earlier versions
Addresses: vulnerabilities that are mentioned in the security bulletin APSB23-52


Release date: July 19, 2023

Vulnerability Details: Deserialization of Untrusted Data (CWE-502), Improper Access Control (CWE-284)
Version after update: ColdFusion 2023 Update 3, ColdFusion 2021 – Update 9 & ColdFusion 2018 – Update 19
Affected Versions: ColdFusion 2023 – Update 2, ColdFusion 2021 – Update 8 and earlier versions, ColdFusion 2018 – Update 18 and earlier versions
Addresses: vulnerabilities that are mentioned in the security bulletin APSB23-47 


Release date: July 14, 2023

Vulnerability Details: Deserialization of Untrusted Data (CWE-502)
Version after update: ColdFusion 2023 Update 2, ColdFusion 2021 – Update 8 & ColdFusion 2018 – Update 18
Affected Versions: ColdFusion 2023 – Update 1, ColdFusion 2021 – Update 7 and earlier versions, ColdFusion 2018 – Update 17 and earlier versions
Addresses: vulnerabilities that are mentioned in the security bulletin APSB23-41 


Release date: July 11, 2023

Vulnerability Details: Deserialization of Untrusted Data / Arbitrary Code Execution(CVE-2023-29300), Improper Access Control / Security feature bypass(CVE-2023-29298), & Improper Restriction of Excessive Authentication Attempts(CVE-2023-29301)
Version after update: ColdFusion 2023 Update 1, ColdFusion 2021 – Update 7 & ColdFusion 2018 – Update 17
Affected Versions: ColdFusion 2023, ColdFusion 2021 – Update 6 and earlier versions, ColdFusion 2018 – Update 16 and earlier versions
Addresses: vulnerabilities that are mentioned in the security bulletin APSB23-40 


Release date: Mar 14, 2023

Vulnerability Details: Deserialization of Untrusted Data (CWE-502), Improper Access Control (CWE-284), Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)
Version after update: ColdFusion 2021 – Update 6 & ColdFusion 2018 – Update 16
Affected Versions: ColdFusion 2021 – Update 5 and earlier versions, ColdFusion 2018 – Update 15 and earlier versions
Addresses: vulnerabilities that are mentioned in the security bulletin APSB23-25 


Release date: Oct 11, 2022

Vulnerability Details: Stack-based Buffer Overflow, Heap-based Buffer Overflow,  Stack-based Buffer Overflow, Heap-based Buffer Overflow, Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
Version after update: ColdFusion 2021 – Update 5 & ColdFusion 2018 – Update 15
Affected Versions: ColdFusion 2021 – Update 4, ColdFusion 2018 – Update 14 and earlier versions.
Addresses: vulnerabilities that are mentioned in the security bulletin APSB22-44 

Conclusion

In conclusion, staying vigilant with the latest Adobe Security Hotfixes and Updates is crucial for maintaining the robust security posture of ColdFusion environments. Adobe’s commitment to addressing vulnerabilities underscores the importance of prompt application of these patches to mitigate potential risks. Regularly monitoring and implementing the latest security updates ensures that ColdFusion applications remain resilient against evolving threats.

As security is a dynamic concern, ongoing awareness and proactive engagement with Adobe’s releases are essential for safeguarding sensitive data and maintaining the integrity of ColdFusion deployments. In summary, a proactive approach to adopting the latest security hotfixes is paramount to fortifying ColdFusion against potential vulnerabilities.