CVE-2021-21087: Adobe ColdFusion Remote Code Execution Vulnerability Alert
Adobe ColdFusion is a commercial rapid web-application development computing platform created by J. J. Allaire in 1995. ColdFusion was originally designed to make it easier to connect simple HTML pages to a database. On March 22, 2021, Adobe officially issued a risk notice for Adobe ColdFusion, the vulnerability number is CVE-2021-21087.
Vulnerability Detail
An unauthorized attacker sends a carefully constructed malicious request to the ColdFusion server, executes arbitrary code on the remote server, and controls the remote server.
Affected version
- ColdFusion 2016: Update 16 and earlier version
- ColdFusion 2018: Update 10 and earlier versions
- ColdFusion 2021: Version 2021.0.0.323925
Solution
In this regard, we recommend that users upgrade Adobe ColdFusion to the latest version in time.
