Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
[
{
"product": "Adobe ColdFusion 2016",
"vendor": "Adobe",
"versions": [
{
"status": "affected",
"version": "update 15 and earlier versions"
}
]
},
{
"product": "Adobe ColdFusion 2018",
"vendor": "Adobe",
"versions": [
{
"status": "affected",
"version": "update 9 and earlier versions"
}
]
}
]