CVE-2021-21087: Adobe ColdFusion Remote Code Execution Vulnerability Alert

Adobe ColdFusion is a commercial rapid web-application development computing platform created by J. J. Allaire in 1995. ColdFusion was originally designed to make it easier to connect simple HTML pages to a database. On March 22, 2021, Adobe officially issued a risk notice for Adobe ColdFusion, the vulnerability number is CVE-2021-21087.

Vulnerability Detail

An unauthorized attacker sends a carefully constructed malicious request to the ColdFusion server, executes arbitrary code on the remote server, and controls the remote server.

Affected version

  • ColdFusion 2016: Update 16 and earlier version
  • ColdFusion 2018: Update 10 and earlier versions
  • ColdFusion 2021: Version 2021.0.0.323925

Solution

In this regard, we recommend that users upgrade Adobe ColdFusion to the latest version in time.