SecurityWeek

Adobe Patches Critical Apache Tika Bug in ColdFusion

Adobe released 11 security bulletins for 25 vulnerabilities, including a critical code execution bug in ColdFusion.
SecurityWeek

Adobe ColdFusion Servers Targeted in Coordinated Campaign

GreyNoise says a recently observed Adobe ColdFusion exploitation campaign is linked to a massive initial access broker operation.

Patch now! Attacks on Adobe ColdFusion and Fortinet firewalls observed

Currently, attackers are targeting a five-year-old vulnerability in Fortinet firewalls. The vulnerabilities in ColdFusion are ...
Threat Post

Patched ColdFusion Flaw Exposes Applications to Attack

Adobe pushed hotfixes to ColdFusion 11 and 10 installations addressing a XXE vulnerability that can be exploited processing OOXML documents. An Adobe ColdFusion vulnerability addressed Tuesday in a ...
Bleeping Computer

CISA warns of Adobe ColdFusion bug exploited as a zero-day

CISA has added a critical vulnerability impacting Adobe ColdFusion versions 2021 and 2018 to its catalog of security bugs exploited in the wild. This critical arbitrary code execution flaw ...
ZDNet

ColdFusion's Java connection

Macromedia calls CFML "a scripting layer for J2EE." The ability to integrate Java into ColdFusion provides all sorts of opportunities, including access to freely and commercially available Java ...