There has been found a privilege escalation vulnerability in Adobe ColdFusion. The cause of vulnerability is that ColdFusion installer fails to properly set ACLs (access-control lists) on the default installation directory such as C:\ColdFusion2021. By exploiting the vulnerability it may be possible to run arbitrary code with SYSTEM privileges in Windows system with vulnerable ColdFusion version installed.
Solution is to use the ColdFusion Server Auto-Lockdown installer. More information available here.
Solution is to use the ColdFusion Server Auto-Lockdown installer. More information available here.
No comments:
Post a Comment