Adobe ColdFusion Arbitrary Code Execution CVE-2021-21087 Scanner

Stay Up To Date
Asset Type


Need Membership


Asset Verify


API Support


Estimate Time (Second)


Adobe ColdFusion Arbitrary Code Execution CVE-2021-21087 Scanner Detail

Adobe's emergency updates patch an arbitrary code execution security flaw caused by an Improper Input Validation software vulnerability.

Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) vulnerability. An attacker could abuse this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction.

Some Advice for Common Problems

  1. Adobe recommends administrators install the security updates as soon as possible and apply the security configuration settings outlined in the ColdFusion 2021, ColdFusion 2018, and ColdFusion 2016 lockdown guides.
  2. Adobe recommends updating your ColdFusion JDK/JRE to the latest version of the LTS releases for 1.8 and JDK 11

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service