Adobe ColdFusion 2016 is a commercial rapid web application development platform created by J. J. Allaire in 1995. It's associated with the CFML scripting language, which is used to build dynamic, scalable, Internet applications. It's primarily used to create data-driven websites.

Adobe ColdFusion 2016

Adobe ColdFusion 2018 is a commercial Rapid Web Application Development Platform created by Adobe Systems. It is used for designing and development of web applications, with a focus on speed, scalability and productivity. It incorporates a scripting language known as ColdFusion Markup Language (CFML) for database interactions, server-side scripting and generation of dynamic web content.

Adobe ColdFusion 2018

Adobe ColdFusion 2021 is a commercial enterprise-level web application development platform from Adobe Systems, predominantly used for the development of data-driven websites. It provides a scripting language, CFML, for back-end programming, along with features to integrate databases, execute system administration tasks, and develop rich content. This version was released in 2021 and brings about enhancements to speed, scalability, and security over its predecessors.

Adobe ColdFusion 2021

Adobe ColdFusion is an application server and a platform for building and deploying web and mobile applications. Use ColdFusion to create dynamic internet applications. ColdFusion is a rapid scripting environment for creating dynamic internet applications using ColdFusion Markup Language (CFML).

Adobe ColdFusion

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2023-26360	CRITICAL	9.8	Adobe ColdFusion 2016	cpe:2.3:a:adobe:coldfusion	Yes	Yes	Mar 23, 2023
CVE-2020-9673	HIGH	7.8	Adobe ColdFusion 2016	cpe:2.3:a:adobe:coldfusion	No	Yes	Jul 17, 2020
CVE-2020-9672	HIGH	7.8	Adobe ColdFusion 2016	cpe:2.3:a:adobe:coldfusion	No	Yes	Jul 17, 2020
CVE-2020-3796	MEDIUM	6.5	Adobe ColdFusion 2016	cpe:2.3:a:adobe:coldfusion	No	Yes	Jun 26, 2020
CVE-2021-21087	MEDIUM	5.4	Adobe ColdFusion 2016	cpe:2.3:a:adobe:coldfusion	No	Yes	Apr 15, 2021

CVE-2023-26360:
Adobe ColdFusion 2016 vulnerability analysis and mitigation

9.8

Related Adobe ColdFusion 2016 vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2023-26360: Adobe ColdFusion 2016 vulnerability analysis and mitigation