Advisory 20241224001 - Broadcast - Adobe ColdFusion Vulnerability wit…

…h PoC exploit code

docs/advisories/20241224001-Adobe-ColdFusion-Vulnerability-with-POC.md

@@ -0,0 +1,25 @@
+# Adobe Updates ColdFusion Vulnerability with Proof-of-Concept - 20241224001
+
+## Overview
+
+Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept (PoC) exploit code. The company says the flaw is caused by a path traversal weakness that impacts Adobe ColdFusion versions 2023 and 2021 and can enable attackers to read arbitrary files on vulnerable servers.
+
+## What is vulnerable?
+
+| Product(s) Affected | Version(s) | CVE                                                                                                                                      | CVSS         | Severity                                                       |
+| ------------------- | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------- |
+| ColdFusion      | versions 2023.11, 2021.17 and earlier    | [CVE-2024-53961](https://nvd.nist.gov/vuln/detail/CVE-2024-53961)                                              | 7.4          | High                                  |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- Adobe: <https://helpx.adobe.com/security/products/coldfusion/apsb24-107.html>
+
+## Additional References
+
+- Bleeping Computer: <https://www.bleepingcomputer.com/news/security/adobe-warns-of-critical-coldfusion-bug-with-poc-exploit-code/>