Adobe patches critical vulnerability in ColdFusion application server
Adobe Systems released critical security patches for its ColdFusion application server, which has been a target for hackers in the past.
The updates are available for ColdFusion versions 10 and 11 and address a critical security vulnerability that could lead to sensitive information disclosure when parsing specially crafted XML entities.
Administrators are advised to upgrade their ColdFusion deployments to version 10 update 21 or version 11 update 10, depending on which branch they’re using. The ColdFusion 2016 release is not affected, Adobe said in a security advisory.