The vulnerability is identified as CVE-2013-3336 and affects ColdFusion 10, 9.0.2 and earlier versions for Windows, Macintosh and UNIX. The company credited Marcin Siedlarz of Symantec’s Security Response team with reporting the issue. Adobe is working on a fix and expects to release it publicly on May 14. Customers are advised to restrict public access to certain sensitive directories like CFIDE/administrator. In April, Linode reported that hackers gained access to its Web server and customer database by exploiting a previously unknown vulnerability.”]