Recently presented three vulnerabilities on Adobe's ColdFusion platform. The company immediately released one update to address vulnerabilities. One of them was even considered particularly critical.
Adobe has stated that vulnerabilities affect it ColdFusion 2016 and 2018.
The update also resolves a second vulnerability, known as CVE-2019-8074, which is characterized as path traversal vulnerability. Attackers can take advantage of this vulnerability to bypass access control systems. If they manage to bypass the controls, hackers will be able to do various things, such as execute malicious code.
The third vulnerability is called CVE-2019-8072. Vulnerability also allows for bypassing her security and the theft of personal information.
The vulnerabilities were discovered by foundeo researchers and Knownsec 404. Adobe made sure to thank them researchers.
Adobe advises users of the ColdFusion platform to install the new update as quickly as possible. ColdFusion 2016 users will need to install it Update 12, while users of ColdFusion 2018 should use Update 5.
Adobe is not the only company to release updates this week. THE Microsoft products also issued an emergency update to resolve critical security errors. The first vulnerability is known as CVE-2019-1367, located on the Internet Explore and allows remote code execution. The second vulnerability, CVE-2019-1255, is a denial-of-service error in the antivirus service, Microsoft Defender. The second vulnerability is less serious, because to be used, hackers must first access the system.