Quote:In an unscheduled security update, Adobe is warning of a critical security flaw in its ColdFusion platform, used for building web applications.
The security alert comes two weeks after Adobe’s regularly-scheduled updates. During these updates, the tech company issued patches for a slew of critical security vulnerabilities, which, if exploited, could allow for arbitrary code execution on vulnerable Windows systems.
The latest flaw (CVE-2021-21087) exists in ColdFusion versions 2016 (Update 16 and earlier), 2018 (Update 10 and earlier) and 2021 (Version 2021.0.0.323925), and could lead to arbitrary code execution.
“Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates,” according to Adobe on Monday.
The vulnerability stems from improper input validation, which is a type of issue (previously plaguing other Adobe products) that occurs when the affected product does not validate input. This can affect the control flow or data flow of a program, and allow for an attacker to launch a slew of malicious attacks. Further information on the flaw – including where in ColdFusion it exists, and how difficult it is to exploit, were not addressed; Threatpost has reached out to Adobe for further comment.
Read more: Adobe Fixes Critical ColdFusion Flaw in Emergency Update | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
