Adobe ColdFusion, JRun updated for critical issues

By
Follow google news

More patches for the web design and development platform.

Adobe has issued an advisory for seven critical vulnerabilities in its web design and development platforms, ColdFusion and JRun.

The vulnerabilities, which affect ColdFusion versions 8.0.1 and earlier, and JRun 4.0, could result in user accounts or an affected system being compromised.

"Adobe is not currently aware of any exploits in the wild for the security vulnerabilities fixed in this release," according to an Adobe Product Security Incident Response Team blog post.

Several cross-site scripting bugs in ColdFusion could potentially lead to code execution. Other bugs in ColdFusion addressed in the update could lead to information disclosure or privilege escalation, Adobe said in its security bulletin.

In addition, issues with the management console for JRun could potentially lead to information disclosure or code execution.

In July, Adobe fixed a zero-day vulnerability in ColdFusion, which was being used to compromise ColdFusion websites.


Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
adobecoldfusioncriticalflawpatchsecurityupdatevulnerability

Sponsored Whitepapers

Agile in the AI Era: why projects still fail
Agile in the AI Era: why projects still fail
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
High-volume data sources for AI-driven security analytics
High-volume data sources for AI-driven security analytics
How healthcare organisations can get more value from cloud
How healthcare organisations can get more value from cloud
1 in 3 companies lose SaaS data. Here’s how to prevent it
1 in 3 companies lose SaaS data. Here’s how to prevent it

Events

Most Read Articles

Anthropic opens Claude Mythos Preview AI program to Australia

Anthropic opens Claude Mythos Preview AI program to Australia
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Defence says Palantir is "sandboxed" in its environment

Defence says Palantir is "sandboxed" in its environment
Medibank reveals attack vector and cost of 2022 security breach

Medibank reveals attack vector and cost of 2022 security breach
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?