Lucene search

[email protected]CVE-2020-3761

HistoryMar 25, 2020 - 8:15 p.m.

CVE-2020-3761

2020-03-2520:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2020-3761

coldfusion

remote file read

vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.6%

JSON

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory.

VendorProductVersionCPE
adobecoldfusion*cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
adobecoldfusion*cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	coldfusion	*	cpe:2.3:a:adobe:coldfusion::::::::
adobe	coldfusion	*	cpe:2.3:a:adobe:coldfusion::::::::

References

helpx.adobe.com/security/products/coldfusion/apsb20-16.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.6%

JSON

Related for CVE-2020-3761

thn1 prion1 nessus1 adobe1 threatpost2