CVE-2024-53961

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2023.11, 2021.17 and earlier

Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a path traversal vulnerability. This could allow an attacker to access files or directories outside of the restricted directory set by the application, potentially leading to the disclosure of sensitive information or the manipulation of system data. It is estimated that over 8.5 million services are potentially affected. A proof-of-concept exploit code is available, and experts warn of potential attacks.

Recommendations: For ColdFusion versions 2023.11, 2021.17 and earlier: Apply the out-of-band security updates released by Adobe to address the critical path traversal vulnerability. As a temporary workaround, consider restricting access to sensitive files and directories until the patch is applied.