Adobe Releases Security Updates for ColdFusion

Adobe released security updates for ColdFusion versions 10, 11, and the 2016 release to address an input validation flaw, CVE-2017-3008, that could be used in reflected cross-site scripting (XSS) attacks that may allow a remote attacker to take control of an affected website. The update also includes a patch for a Java deserialization vulnerability, CVE-2017-3066, in Apache BlazeDS. The NJCCIC recommends all users and administrators review the Adobe Security Bulletin and apply the necessary updates.