Vulnerabilities > Adobe > Coldfusion > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-13 CVE-2024-45113 Improper Authentication vulnerability in Adobe Coldfusion 2021/2023
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation.
network
low complexity
adobe CWE-287
7.5
2024-03-18 CVE-2024-20767 Unspecified vulnerability in Adobe Coldfusion 2021/2023
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read.
network
high complexity
adobe
7.4
2023-09-07 CVE-2021-40698 Unspecified vulnerability in Adobe Coldfusion
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass??.
network
low complexity
adobe
7.4
2023-09-07 CVE-2021-40699 Unspecified vulnerability in Adobe Coldfusion
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path.
network
low complexity
adobe
7.4
2023-07-12 CVE-2023-29298 Unspecified vulnerability in Adobe Coldfusion 2018/2021/2023
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
network
low complexity
adobe
7.5
2021-05-27 CVE-2020-10145 Incorrect Default Permissions vulnerability in Adobe Coldfusion 2016/2018/2021
The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\.
local
low complexity
adobe CWE-276
7.8
2020-07-17 CVE-2020-9673 Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability.
local
low complexity
adobe CWE-426
7.8
2020-07-17 CVE-2020-9672 Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability.
local
low complexity
adobe CWE-426
7.8
2020-06-26 CVE-2020-3768 Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability.
local
low complexity
adobe CWE-426
7.8
2020-03-25 CVE-2020-3761 Unspecified vulnerability in Adobe Coldfusion 2016/2018
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability.
network
low complexity
adobe
7.5