Dear community,
We are still using CF11, which is now in Extended Support.
Obviously, we want to migrate to CF2016 or CF2018, but this is a major effort and we do not have the capacity to do it right now.
To precisely assess the risk we are currently exposed to, I need to know whether CF11, Update19 is vulnerable to the following vulnerabilities:
- CVE-2019-8072
- CVE-2019-8073
- CVE-2019-8074
Any answer will be deeply appreciated.
Kind Regards,
As far as I can see, the vulnerabilities relate to ColdFusion 2016 and ColdFusion 2018, not ColdFusion 11.
https://nvd.nist.gov/vuln/detail/CVE-2019-8072
I'd advise caution in that conclusion, BKBK. It could be merely that what they show is based on the reference they offer to the Adobe PSBs, which may only mention CF2016 and 2018 as they are all that are officially "supported" as of the date of this report in late 2019.
glandrein, you may want to reach out to Adobe directly for clarification if they don't reply here, such as at cfinstal@adobe.com (though they may, too, only respond that they can provide info only about CF2016 and above at this date). Finally, you may want to reach out to Pete Freitag, who is perhaps the main security maven in the CF community: pete@foundeo.com (an address he offers publicly on his foundeo.com site).