CF11, Update 19 - CVE-2019-8072, CVE-2019-8073, CVE-2019-8074

Forum|Forum|6 years ago
October 15, 2019
1 reply
225 views

Dear community,

We are still using CF11, which is now in Extended Support.

Obviously, we want to migrate to CF2016 or CF2018, but this is a major effort and we do not have the capacity to do it right now.

To precisely assess the risk we are currently exposed to, I need to know whether CF11, Update19 is vulnerable to the following vulnerabilities:

- CVE-2019-8072

- CVE-2019-8073

- CVE-2019-8074

Any answer will be deeply appreciated.

Kind Regards,

This topic has been closed for replies.

BKBK

Community Expert

As far as I can see, the vulnerabilities relate to ColdFusion 2016 and ColdFusion 2018, not ColdFusion 11.

https://nvd.nist.gov/vuln/detail/CVE-2019-8072

https://nvd.nist.gov/vuln/detail/CVE-2019-8073

https://nvd.nist.gov/vuln/detail/CVE-2019-8074

Charlie Arehart

Community Expert

I'd advise caution in that conclusion, BKBK. It could be merely that what they show is based on what the reference they offer to the Adobe PSBs, which may only mention CF2016 and 2018 as they are all that are officially "supported" as of the date of this report in late 2019.

glandrein, you may want to reach out to adobe directly fo clarification if they don't reply here, such as at cfinstal@adobe.com (though they may, too, only respond that they can provide info only aout CF2016 and above at this date). Finally, you may want to reach out to Pete Freitag, who is perhaps the main security maven in the CF community: pete@foundeo.com (an address he offers publicly on his foundeo.com site).

/Charlie (troubleshooter, carehart. org)

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded