This page says Adobe only supports ColdFusion 9 and 10, http://www.adobe.com/support/programs/policies/supported.html .
This page mentions some security problems for ColdFusion 9 and 10, http://www.adobe.com/support/security/advisories/apsa13-01.html .
We use version 8. Do you know if Adobe would report the security problems for an unsupported version - could version 8 have the vulnerabilities mentioned in the second link above ?
I'm not sure how it affects CF8, but you could still follow the mitigation recommendations without needing a patch.
You could also follow some of the lockdown guides and see how they apply to CF8.