2024-12-26 12:14:11 Pacfic
Adobe ColdFusion Path Traversal Vulnerability - 1d
A critical path traversal vulnerability, identified as CVE-2024-53961, has been discovered in Adobe ColdFusion versions 2023 and 2021. This flaw allows attackers to read arbitrary files from the server, potentially exposing sensitive data and configuration files. The vulnerability is a result of an improper limitation of pathnames to restricted directories. A proof-of-concept (PoC) exploit is already publicly available, significantly increasing the risk of exploitation, and making it easier for threat actors to weaponize the vulnerability. Adobe has released emergency security updates for ColdFusion to address this critical issue. Users of ColdFusion 2023 (update 11 and earlier) and ColdFusion 2021 (update 17 and earlier) are urged to immediately apply the latest patches. The company has classified this as a Priority 1 vulnerability, indicating a high risk of exploitation, and recommends that users install ColdFusion 2021 update 18 and ColdFusion 2023 update 12 within 72 hours. Organizations are also advised to implement the security configurations detailed in the ColdFusion lockdown guides to help mitigate this severe flaw.
ImgSrc: socradar.io
References:
- @screaminggoat - Adobe zero-day: CVE-2024-53961 (7.4 high) Adobe ColdFusion arbitrary file system read - 2d
- securityonline.info - PoC Exploit Emerges for Adobe ColdFusion CVE-2024-53961—Apply Security Updates Now - 2d
- Vulnerability Archives - PoC Exploit Emerges for Adobe ColdFusion CVE-2024-53961—Apply Security Updates Now - 2d
- SOCRadar - Severe Path Traversal Vulnerability in Adobe ColdFusion (CVE-2024-53961), Update Now - 2d
- Dataconomy - Adobe has issued emergency security updates for ColdFusion to fix a critical vulnerability, CVE-2024-53961, which could allow attackers to read arbitrary files. - 2d
- @BleepingComputer - Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept exploit code. - 1d
- Security Archives - Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code - 1d
- ciso2ciso.com - Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code – Source: securityaffairs.com - 1d
- CISO2CISO.COM - ciso2ciso - Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code – Source: securityaffairs.com - 1d
- @jos1264 - Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code – Source: securityaffairs.com - 22h
- CISO2CISO.COM - Adobe Patches ColdFusion Flaw at High Risk of Exploitation – Source: www.securityweek.com - 20h
- osint10x.com - Severe Path Traversal Vulnerability in Adobe ColdFusion (CVE-2024-53961), Update Now - 18h
- Osint10x - Severe Path Traversal Vulnerability in Adobe ColdFusion (CVE-2024-53961), Update Now - 16h
- Security Boulevard - Adobe ColdFusion Any File Read Vulnerability (CVE-2024-53961) - 5h
Classification:
- HashTags: Adobe ColdFusion Vulnerability
- Company: Adobe
- Target: ColdFusion Servers
- Product: ColdFusion
- Feature: Path Traversal
- Type: Vulnerability
- Severity: Major