Patch/Configuration Management, Vulnerability Management

Adobe issues security updates to address ColdFusion vulnerability

Adobe released security updates on Thursday to address an important vulnerability in ColdFusion versions 11 and 10.

“This hotfix resolves an issue associated with the parsing of crafted XML external entities in BlazeDS that could lead to information disclosure (CVE-2015-3269),” Adobe said in a security bulletin, crediting Matthias Kaiser of Code White with reporting the vulnerability.

Users are advised to update to ColdFusion 11 Update 6 and ColdFusion 10 Update 17, both of which include an updated version of BlazeDS, the security bulletin said, noting that all previous ColdFusion versions are affected.

Adobe deemed the issue important in severity because the vulnerability can be exploited to compromise data security. The software company also rated the update Priority 2, meaning there are currently no known exploits.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.