Adobe ColdFusion, JRun updated for critical issues

By
Follow google news

More patches for the web design and development platform.

Adobe has issued an advisory for seven critical vulnerabilities in its web design and development platforms, ColdFusion and JRun.

The vulnerabilities, which affect ColdFusion versions 8.0.1 and earlier, and JRun 4.0, could result in user accounts or an affected system being compromised.

"Adobe is not currently aware of any exploits in the wild for the security vulnerabilities fixed in this release," according to an Adobe Product Security Incident Response Team blog post.

Several cross-site scripting bugs in ColdFusion could potentially lead to code execution. Other bugs in ColdFusion addressed in the update could lead to information disclosure or privilege escalation, Adobe said in its security bulletin.

In addition, issues with the management console for JRun could potentially lead to information disclosure or code execution.

In July, Adobe fixed a zero-day vulnerability in ColdFusion, which was being used to compromise ColdFusion websites.


Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
adobecoldfusioncriticalflawpatchsecurityupdatevulnerability

Sponsored Whitepapers

1 in 3 companies lose SaaS data. Here’s how to prevent it
1 in 3 companies lose SaaS data. Here’s how to prevent it
The biggest AI opportunities are still ahead
The biggest AI opportunities are still ahead
AI workflows vs. AI agents: From automation to autonomy
AI workflows vs. AI agents: From automation to autonomy
Context engineering with hybrid search for agentic AI
Context engineering with hybrid search for agentic AI
Building search in the age of generative AI: A blueprint for success
Building search in the age of generative AI: A blueprint for success

Events

Most Read Articles

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Medibank reveals attack vector and cost of 2022 security breach

Medibank reveals attack vector and cost of 2022 security breach
GitHub compromised, allegedly by TeamPCP

GitHub compromised, allegedly by TeamPCP
USB stick opens Windows BitLocker drives in new zero-day

USB stick opens Windows BitLocker drives in new zero-day
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?