CVE-2022-35710

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier)

Description The issue is related to a Stack-based Buffer Overflow that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, and it is triggered when a crafted network packet is sent to the server. This allows a remote attacker to execute arbitrary code.

Recommendations For Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier), consider restricting access to the server until a patch is available to prevent exploitation. As a temporary workaround, consider implementing network packet filtering to block crafted packets. At the moment, there is no information about a newer version that contains a fix for this vulnerability.