The host is installed with Adobe ColdFusion 11 before Update 19, 2016 before Update 11 or 2018 before Update 4 and is prone to a deserialization of untrusted data vulnerability. A flaw is present in the application, which fails to handle the unspecified vectors. Successful exploitation allows remote attackers to cause arbitrary code execution.