Vulnerabilities > CVE-2020-3761 - Unspecified vulnerability in Adobe Coldfusion 2016/2018
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 22 |
Nessus
| NASL family | Windows |
| NASL id | COLDFUSION_WIN_APSB20-16.NASL |
| description | The version of Adobe ColdFusion installed on the remote Windows host is prior to 2016.x update 14 or 2018.x update 8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB20-16 advisory. - Remote file read potentially leading to Arbitrary file read from the Coldfusion install directory (CVE-2020-3761) - File inclusion potentially leading to Arbitrary code execution of files located in the webroot or its subdirectory (CVE-2020-3794) Note that Nessus has not tested for this issue but has instead relied only on the application |
| last seen | 2020-04-18 |
| modified | 2020-03-20 |
| plugin id | 134765 |
| published | 2020-03-20 |
| reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/134765 |
| title | Adobe ColdFusion 2016.x < 2016u14 / 2018.x < 2018u8 Multiple Vulnerabilities (APSB20-16) |
The Hacker News
| id | THN:9D30339333E2FBA54806C901C74A269B |
| last seen | 2020-03-18 |
| modified | 2020-03-18 |
| published | 2020-03-18 |
| reporter | The Hacker News |
| source | https://thehackernews.com/2020/03/adobe-software-update.html |
| title | Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion |