Adobe Systems released critical security patches for its ColdFusion application server, which has been a target for hackers in the past.
The updates are available for ColdFusion versions 10 and 11 and address a critical security vulnerability that could lead to sensitive information disclosure when parsing specially crafted XML entities.
Administrators are advised to upgrade their ColdFusion deployments to
version 10 update 21 or
version 11 update 10, depending on which branch they're using. The ColdFusion 2016 release is not affected, Adobe said in
a security advisory.
The vulnerability was reportedly privately to Adobe by a security researcher named Dawid Golunski, and the company is not aware of any attacks in the wild that exploit the flaw.
ColdFusion is a platform for creating and serving interactive web applications using the CFML scripting language. It is popular in the enterprise space because it allows the rapid development of applications.
