On Nov. 14, 2023, Adobe released security updates addressing vulnerabilities affecting unpatched ColdFusion software. Exploitation of some of these vulnerabilities may allow a malicious cyber actor to take control of an affected system.
CISA urges organizations to review Adobe ColdFusion security bulletin APSB23-52 for more information and to:
[ul]
[li]Apply the recommended updates in APSB23-52.[/li]
[li]Follow Adobe recommendations on ColdFusion hardening.
[ul]
[li]ColdFusion 2023 Lockdown Guide[/li]
[li]ColdFusion 2021 Lockdown Guide[/li]
[/ul]
[/li]
[li]Consider adding a web application firewall (WAF) filter for [ICODE]CFIDE[/ICODE] for external users.[/li]
[li]Consider using CISA’s Cybersecurity Incident and Vulnerability Response Playbooks for other actionable steps.[/li]
[/ul]
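One way to check that a WAF filter for CFIDE is working is to audit web access logs for external requests to CFIDE that were not refused. The script below is an added example, not code from CISA or Adobe. It assumes combined-format access logs, a filter that answers 403, and the internal ranges listed in INTERNAL_NETS; the sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote

# Combined-log-format fields we need: client IP, method, request path, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# Assumption: these ranges count as "internal"; replace them with your own.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8")]

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def targets_cfide(raw_path):
    # Normalise before matching: drop query, decode twice, unify slashes, lowercase.
    path = raw_path.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    path = re.sub(r"/+", "/", path.replace("\\", "/")).lower()
    return path == "/cfide" or path.startswith("/cfide/")

def unblocked_external_cfide(lines, blocked_statuses=(403,)):
    """Return (ip, path, status) for external CFIDE requests the filter let through.
    Assumption: the WAF answers a blocked request with one of blocked_statuses."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, path, status = m.group(1), m.group(3), int(m.group(4))
        try:
            external = is_external(ip)
        except ValueError:
            continue  # first field is not an IP address
        if external and targets_cfide(path) and status not in blocked_statuses:
            hits.append((ip, path, status))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [15/Nov/2023:10:00:01 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '203.0.113.7 - - [15/Nov/2023:10:00:02 +0000] "GET /cfide/administrator/index.cfm HTTP/1.1" 403 162',
    '198.51.100.9 - - [15/Nov/2023:10:00:03 +0000] "GET /%43FIDE/administrator/ HTTP/1.1" 302 0',
    '10.1.2.3 - - [15/Nov/2023:10:00:04 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '203.0.113.7 - - [15/Nov/2023:10:00:05 +0000] "GET /index.cfm HTTP/1.1" 200 900',
]
if __name__ == "__main__":
    for hit in unblocked_external_cfide(SAMPLE):
        print(hit)
```

Any line it reports is an external request that reached CFIDE without being refused, which means the filter is missing, bypassed by a case or encoding variant, or not applied on that listener.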