Vulnerabilities > Adobe > Coldfusion

DATE CVE VULNERABILITY TITLE RISK
2021-04-15 CVE-2021-21087 Unspecified vulnerability in Adobe Coldfusion 2016/2018/2021.0.0.323925
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability.
network
low complexity
adobe
5.4
5.4
2020-07-17 CVE-2020-9673 Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability.
local
low complexity
adobe CWE-426
7.8
7.8
2020-07-17 CVE-2020-9672 Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability.
local
low complexity
adobe CWE-426
7.8
7.8
2020-06-26 CVE-2020-3796 Unspecified vulnerability in Adobe Coldfusion 2016/2018
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability.
network
low complexity
adobe
6.5
6.5
2020-06-26 CVE-2020-3768 Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability.
local
low complexity
adobe CWE-426
7.8
7.8
2020-06-26 CVE-2020-3767 Improper Input Validation vulnerability in Adobe Coldfusion 2016/2018
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability.
network
low complexity
adobe CWE-20
6.5
6.5
2020-03-25 CVE-2020-3794 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Adobe Coldfusion 2016/2018
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability.
network
low complexity
adobe CWE-829
critical
 9.8
9.8
2020-03-25 CVE-2020-3761 Unspecified vulnerability in Adobe Coldfusion 2016/2018
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability.
network
low complexity
adobe
7.5
7.5
2019-12-19 CVE-2019-8256 Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Coldfusion 2018
ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability.
network
low complexity
adobe CWE-732
critical
 9.8
9.8
2019-09-27 CVE-2019-8074 Path Traversal vulnerability in Adobe Coldfusion 2016/2018
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability.
network
low complexity
adobe CWE-22
critical
 9.8
9.8