Adobe released security updates to address three severe vulnerabilities in its ColdFusion web application development platform. The two critical issues are a path traversal vulnerability, tracked as CVE-2019-8074, and a command injection flaw that can be exploited to execute arbitrary code on the target machine. The third flaw addressed by Adobe is a security bypass that can lead to information disclosure, it was rated as important The good news is that Adobe is not aware of attacks in the wild exploiting the above vulnerabilities.”]
Source: https://securityaffairs.co/wordpress/91696/security/coldfusion-critical-vulnerabilities.html