Adobe is warning of a critical security flaw in its ColdFusion platform, used for building web applications. The latest flaw (CVE-2021-21087) exists in versions 2016 (Update 16 and earlier), 2018 (Update 10 and earlier) and 2021 (Version 2021.0.323925) Adobe credited Josh Lane with discovering and reporting the flaw. The tech company issued updates to fix two critical flaws in its product in April, which if exploited, could enable attackers to view sensitive data, gain escalated privileges, and launch denial-of-service attacks.
Source: https://threatpost.com/adobe-critical-coldfusion-flaw-update/164946/