wagov · DamoOne · Dec 24, 2024 · Dec 24, 2024 · Dec 24, 2024
diff --git a/docs/advisories/20241224001-Adobe-ColdFusion-Vulnerability-with-POC.md b/docs/advisories/20241224001-Adobe-ColdFusion-Vulnerability-with-POC.md
@@ -0,0 +1,25 @@
+# Adobe Updates ColdFusion Vulnerability with Proof-of-Concept - 20241224001
+
+## Overview
+
+Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept (PoC) exploit code. The company says the flaw is caused by a path traversal weakness that impacts Adobe ColdFusion versions 2023 and 2021 and can enable attackers to read arbitrary files on vulnerable servers.
+
+## What is vulnerable?
+
+| Product(s) Affected | Version(s)                            | CVE                                                               | CVSS | Severity |
+| ------------------- | ------------------------------------- | ----------------------------------------------------------------- | ---- | -------- |
+| ColdFusion          | versions 2023.11, 2021.17 and earlier | [CVE-2024-53961](https://nvd.nist.gov/vuln/detail/CVE-2024-53961) | 7.4  | High     |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- Adobe: <https://helpx.adobe.com/security/products/coldfusion/apsb24-107.html>
+
+## Additional References
+
+- Bleeping Computer: <https://www.bleepingcomputer.com/news/security/adobe-warns-of-critical-coldfusion-bug-with-poc-exploit-code/>