Hotfixes were released for different ColdFusion versions Adobe released security patches for its ColdFusion application server on Tuesday, addressing four critical vulnerabilities that have been actively exploited by attackers since the beginning of January.The company published a security advisory about the four vulnerabilities, identified as CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, and CVE-2013-0632, on Jan. 4 and said at the time that it was aware of these flaws being exploited in attacks against its customers.[ The Web browser is your portal to the world — and the gateway for security threats. InfoWorld’s expert contributors show you how to secure your Web browsers. Download the free PDF today! | Stay up to date on the latest security developments with InfoWorld’s Security Central newsletter. ] Two of the vulnerabilities allows attackers to bypass the normal authentication restrictions of a ColdFusion application server in order to gain administrative access. Another flaw allows unauthorized users to access restricted directories, while the fourth can result in information disclosure on a compromised ColdFusion server.On Tuesday, Adobe released hotfixes for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0. The company recommends that customers update their installations using the instructions provided in a help document for their respective product version.Adobe classified these vulnerabilities as critical and assigned a priority rating of 1 — the highest available — to the released hotfixes. CareersPatch Management Software