Vulnerabilities > CVE-2020-3794 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Adobe Coldfusion 2016/2018
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 22 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Windows |
| NASL id | COLDFUSION_WIN_APSB20-16.NASL |
| description | The version of Adobe ColdFusion installed on the remote Windows host is prior to 2016.x update 14 or 2018.x update 8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB20-16 advisory. - Remote file read potentially leading to Arbitrary file read from the Coldfusion install directory (CVE-2020-3761) - File inclusion potentially leading to Arbitrary code execution of files located in the webroot or its subdirectory (CVE-2020-3794) Note that Nessus has not tested for this issue but has instead relied only on the application |
| last seen | 2020-04-18 |
| modified | 2020-03-20 |
| plugin id | 134765 |
| published | 2020-03-20 |
| reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/134765 |
| title | Adobe ColdFusion 2016.x < 2016u14 / 2018.x < 2018u8 Multiple Vulnerabilities (APSB20-16) |