PT-2020-5384 · Adobe · Coldfusion

Published

2020-07-14

Updated

2020-09-04

CVE-2020-9672

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions prior to 2016 update 15 Adobe ColdFusion 2018 versions prior to update 9

Description The issue is related to incorrect handling of the path to DLL libraries, which could allow an attacker to escalate their privileges. Successful exploitation of this issue may lead to privilege escalation.

Recommendations For Adobe ColdFusion 2016, update to a version later than update 15. For Adobe ColdFusion 2018, update to a version later than update 9.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

BDU:2021-00400

CVE-2020-9672

Affected Products

Coldfusion

PT-2020-5384 · Adobe · Coldfusion

CVE-2020-9672

Weakness Enumeration

Related Identifiers

Affected Products

References · 4