Adobe has issued an unscheduled security update that fixes two critical flaws in its ColdFusion product. The critical vulnerabilities could enable an attacker to either execute arbitrary code or bypass access control on impacted systems. The flaws were discovered by researchers with the Knownsec 404 Team and Daniel Underhay of Aura Information Security. The updates have a priority rating of 2, meaning that it addresses vulnerabilities in a product that has historically been at elevated risk There are currently no known exploits for these flaws.
Source: https://threatpost.com/adobe-unscheduled-update-fixes-critical-coldfusion-flaws/148616/