Critical Vulnerabilities in Adobe ColdFusion

Adobe has released security updates to address critical vulnerabilities (CVE-2023-26359 and CVE-2023-26360) in ColdFusion. 

The critical vulnerabilities are:

• CVE-2023-26359: An insecure deserialisation vulnerability could allow a remote attacker to execute arbitrary code.

• CVE-2023-26360: An improper access control vulnerability could allow remote attackers to execute arbitrary code.
  

The following versions of Adobe ColdFusion are affected:

• ColdFusion 2018 versions 15 and earlier

• ColdFusion 2021 versions 5 and earlier
  

Users and administrators of affected product versions are advised to update to the latest versions immediately.

More information is available here:

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html