Copy link to clipboard
Copied
[cf]\cfusion\wwwroot\cf_scripts\scripts\ajax\ckeditor
Our internal vulnerabity scan refers to the above folder (ckeditor) in the ColdFusion 2021 installation path as vulnerable which is also mapped to the webiste as a virutual directory. How can we fix this issue and pass the vulnerability test.
Copy link to clipboard
Copied
What is your ColdFusion 2021's update level? I ask because recent ColdFusion 2021 hotfixes, such as Update 13, contain hotfixes for CKEditor.
You should, in any case, update ColdFusion 2021 to the latest level, which is 17. Then see what your vulnerability scan says.
Copy link to clipboard
Copied
Hi @brado70491931 As @BKBK mentioned, please check what update level your ColdFusion is on, if it is not the latest update, please update the server to the latest one which is Update 17. https://helpx.adobe.com/in/coldfusion/kb/coldfusion-2021-update-17.html
So far we have not yet received any issues from any scanner which is flagging this directory.