Monday, July 6, 23:31 p.m.
Home security Adobe: ColdFusion platform release update to release critical vulnerabilities

Adobe: ColdFusion platform release update to release critical vulnerabilities

AdobeRecently presented three vulnerabilities on Adobe's ColdFusion platform. The company immediately released one update to address vulnerabilities. One of them was even considered particularly critical.

Adobe has stated that vulnerabilities affect it ColdFusion 2016 and 2018.

The updated version released on Tuesday, September 24. The company has made the necessary corrections to prevent possible malware code, the bypass control access and leaks data.

The first vulnerability, the one that has been characterized as critical, has been named CVE-2019-8073. That particular error security can allow hackers to execute malicious code.

The update also resolves a second vulnerability, known as CVE-2019-8074, which is characterized as path traversal vulnerability. Attackers can take advantage of this vulnerability to bypass access control systems. If they manage to bypass the controls, hackers will be able to do various things, such as execute malicious code.

The third vulnerability is called CVE-2019-8072. Vulnerability also allows for bypassing her security and the theft of personal information.

The vulnerabilities were discovered by foundeo researchers and Knownsec 404. Adobe made sure to thank them researchers.

Adobe advises users of the ColdFusion platform to install the new update as quickly as possible. ColdFusion 2016 users will need to install it Update 12, while users of ColdFusion 2018 should use Update 5.

Adobe is not the only company to release updates this week. THE Microsoft also issued an emergency update to resolve critical security errors. The first vulnerability is known as CVE-2019-1367, located on the Internet Explore and allows remote code execution. The second vulnerability, CVE-2019-1255, is a denial-of-service error in the antivirus service, Microsoft Defender. The second vulnerability is less serious, because to be used, hackers must first access the system.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

Windows 10 2004: Unauthorized settings "block" the upgrade

Users report that they have a problem with Windows 10, since they are excluded from the application of the May 2020 update, when they manually attempt to ...
00:02:04

Lenovo is improving Linux ThinkPads but the problems remain

Last month, when Lenovo announced that it was going to certify the ThinkPad series for use with Linux operating systems, we thought directly ...

Nigerian accused of fraud against US companies

A Nigerian was taken to the federal court in Chicago on Friday, after being accused of coordinating an international cyber fraud system, which affected ...

Home routers display critical errors and run unpatched Linux

The German Fraunhofer Communication Institute (FKIE) conducted a survey that included 127 home routers from seven different brands, in an effort to ...

IPhone 12 release: Will we finally see it by the end of 2021?

New data on the release of the iPhone 12, which we all expect not to happen in September, say that it will only be delayed ...

MySQL: Replaces terms that reinforce racial discrimination

MySQL database developers have announced that they will be replacing terminology such as master, slave, blacklist, and whitelist.

The CEO of a cryptocurrency investment company was cheating

As reported by News24, Willie Breedt, the founder of VaultAge Solutions (cryptocurrency investment company), declared bankruptcy last week and the ...

United Kingdom: Will it exclude Huawei from its 5G networks?

The UK government has received an NCSC report on Huawei, which may change its policy ...

A Yahoo engineer is not in jail after hacking 6.000 accounts

A former Yahoo engineer has been sentenced to five years in prison for hacking into personal accounts ...

PoC exploits released for critical vulnerability on F5 BIG-IP devices

PoC exploits released for critical vulnerability on F5 BIG-IP devices Two days after the release of updates on critical vulnerability on F5 ...