CVE-2020-3768
Severity CVSS v4.0:
Pending analysis
Type:
CWE-426
Untrusted Search Path
Publication date:
26/06/2020
Last modified:
04/09/2020
Description
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
4.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:adobe:coldfusion:2016:-:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2016:update1:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2016:update10:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2016:update11:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2016:update12:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2016:update13:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2016:update14:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2016:update2:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2016:update3:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2016:update4:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2016:update5:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2016:update6:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2016:update7:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2016:update8:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:coldfusion:2016:update9:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page