Published: 27/09/2019 Updated: 04/09/2020

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

ColdFusion 2018- update 4 and previous versions and ColdFusion 2016- update 11 and previous versions have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe coldfusion 2016
adobe coldfusion 2018

Hot patches for ColdFusion: Adobe drops trio of fixes for three serious flaws

The Register • Shaun Nichols in San Francisco • 25 Sep 2019

While you're at it, fix Java too It is with a heavy heart that we must report that your software has bugs and needs patching: Microsoft, Adobe, SAP, Intel emit security fixes

Adobe has released an update to clean up a trio of vulnerabilities in ColdFusion, its long-running web application platform. The security update addresses three CVE-listed vulnerabilities discovered in both ColdFusion 2016 and ColdFusion 2018. Two of the bugs open up the software to critical remote code execution risks, while the third flaw allows less serious information disclosure. The first of the critical bugs has been assigned CVE-2019-8073. The flaw is described as a command injection issu...

CVE-2019-8074

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect