Adobe released security updates for three vulnerabilities in ColdFusion. Two of these vulnerabilities are rated as Critical as they allow code execution and can bypass access controls. The other is an labeled critical as it allows information disclosure. BleepingComputer was told by Knownsec and Foundeo that the vulnerabilities were discovered through their own research and not seen exploited in the wild. To resolve these vulnerabilities, Adobe suggests that users update to ColdFusions 2018 Update 5 and 2016 Update 12. The vulnerabilities details can be seen below.
Source: https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-security-vulnerabilities-in-coldfusion/