Untrusted Data Deserialization Vulnerability in Adobe ColdFusion
CVE-2017-11283

9.8CRITICAL

Key Information:

Vendor: Adobe
Status: Adobe Coldfusion Update 4 And Earlier Versions For Coldfusion 2016 Release. Update 12 And Earlier Versions For Coldfusion 11.
Vendor: CVE Published:; 1 December 2017

Summary

Adobe ColdFusion is affected by a vulnerability that allows for untrusted data deserialization, potentially enabling attackers to execute arbitrary code or manipulate application behavior. This impacts ColdFusion 2016 versions prior to Update 4 and ColdFusion 11 versions prior to Update 12, rendering applications susceptible to risks associated with malicious payloads. Ensuring that services are updated and applying necessary patches can mitigate these risks and enhance the security posture of applications utilizing ColdFusion.

Affected Version(s)

Adobe ColdFusion Update 4 and earlier for ColdFusion 2016 release. Update 12 and earlier for ColdFusion 11. Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.