CVE-2017-3066 - Adobe ColdFusion Deserialization Vulnerability
Adobe | ColdFusion
- Date Added:
- 2025-02-24
- Due Date:
- 2025-03-17
- Vulnerability Name
Adobe ColdFusion Deserialization Vulnerability
- Description
Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.
- Known To Be Used in Ransomware Campaigns?
Unknown
- Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Additional Notes
- https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html ; https://nvd.nist.gov/vuln/detail/CVE-2017-3066
Free online web security scanner