First published: Fri Dec 01 2017
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe ColdFusion | =11.0 | |
Adobe ColdFusion | =11.0-update1 | |
Adobe ColdFusion | =11.0-update10 | |
Adobe ColdFusion | =11.0-update11 | |
Adobe ColdFusion | =11.0-update12 | |
Adobe ColdFusion | =11.0-update2 | |
Adobe ColdFusion | =11.0-update3 | |
Adobe ColdFusion | =11.0-update4 | |
Adobe ColdFusion | =11.0-update5 | |
Adobe ColdFusion | =11.0-update6 | |
Adobe ColdFusion | =11.0-update7 | |
Adobe ColdFusion | =11.0-update8 | |
Adobe ColdFusion | =11.0-update9 | |
Adobe ColdFusion | =2016 | |
Adobe ColdFusion | =2016-update1 | |
Adobe ColdFusion | =2016-update2 | |
Adobe ColdFusion | =2016-update3 | |
Adobe ColdFusion | =2016-update4 | |
CVE-2017-11284 has a severity rating of important, indicating that it poses a significant security risk.
To fix CVE-2017-11284, upgrade to the latest version of Adobe ColdFusion, which is not affected by this vulnerability.
CVE-2017-11284 affects ColdFusion 2016 Update 4 and earlier, as well as ColdFusion 11 Update 12 and earlier.
CVE-2017-11284 is an Untrusted Data Deserialization vulnerability.
If not remediated, CVE-2017-11284 may allow an attacker to execute arbitrary code on the affected ColdFusion server.