Coldfusion Security Vulnerabilities and Issues — Coldfusion CVE List

Lucene search

AdobeColdfusion

7 matches found

CVE•added 2020/07/17 12:15 a.m.•69 views

CVE-2020-9673

Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.

7.8CVSS7.4AI score0.00199EPSS

CVE•added 2020/06/26 9:15 p.m.•53 views

CVE-2020-3767

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos).

6.5CVSS6.3AI score0.01234EPSS

CVE•added 2020/03/25 8:15 p.m.•51 views

CVE-2020-3794

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory.

10CVSS9.5AI score0.21113EPSS

CVE•added 2020/06/26 9:15 p.m.•50 views

CVE-2020-3796

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure.

6.5CVSS6.2AI score0.03746EPSS

CVE•added 2020/06/26 9:15 p.m.•49 views

CVE-2020-3768

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.

7.8CVSS7.4AI score0.00113EPSS

CVE•added 2020/07/17 12:15 a.m.•48 views

CVE-2020-9672

7.8CVSS7.4AI score0.00103EPSS

CVE•added 2020/03/25 8:15 p.m.•39 views

CVE-2020-3761

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory.

7.5CVSS7.3AI score0.04003EPSS