Vulnerabilities > Adobe > Coldfusion

DATE CVE VULNERABILITY TITLE RISK
2020-06-26 CVE-2020-3768 Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability.
local
low complexity
adobe CWE-426
7.8
7.8
2020-06-26 CVE-2020-3767 Improper Input Validation vulnerability in Adobe Coldfusion 2016/2018
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability.
network
low complexity
adobe CWE-20
6.5
6.5
2020-03-25 CVE-2020-3794 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Adobe Coldfusion 2016/2018
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability.
network
low complexity
adobe CWE-829
critical
 9.8
9.8
2020-03-25 CVE-2020-3761 Unspecified vulnerability in Adobe Coldfusion 2016/2018
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability.
network
low complexity
adobe
7.5
7.5
2019-12-19 CVE-2019-8256 Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Coldfusion 2018
ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability.
network
low complexity
adobe CWE-732
critical
 9.8
9.8
2019-09-27 CVE-2019-8074 Path Traversal vulnerability in Adobe Coldfusion 2016/2018
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability.
network
low complexity
adobe CWE-22
critical
 9.8
9.8
2019-09-27 CVE-2019-8073 Command Injection vulnerability in Adobe Coldfusion 2016/2018
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability.
network
low complexity
adobe CWE-77
critical
 9.8
9.8
2019-09-27 CVE-2019-8072 Unspecified vulnerability in Adobe Coldfusion 2016/2018
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability.
network
low complexity
adobe
7.5
7.5
2019-06-12 CVE-2019-7840 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability.
network
low complexity
adobe CWE-502
critical
 9.8
9.8
2019-06-12 CVE-2019-7839 Command Injection vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability.
network
low complexity
adobe CWE-77
critical
 9.8
9.8