CVE-2022-35712

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier)

Description The issue is a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, and it is triggered when a crafted network packet is sent to the server. This allows a remote attacker to execute arbitrary code.

Recommendations For Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier), consider restricting access to the server until a patch is available to prevent exploitation. As a temporary workaround, disabling the ODBC Agent may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.