PT-2020-5385 · Adobe · Coldfusion

Published

2020-07-14

Updated

2020-09-04

CVE-2020-9673

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions 2016 update 15 and earlier Adobe ColdFusion versions 2018 update 9 and earlier

Description The issue is related to incorrect handling of the path to DLL libraries used by an incoming component. This could allow an attacker to escalate their privileges.

Recommendations For Adobe ColdFusion versions 2016 update 15 and earlier, update to a version later than update 15. For Adobe ColdFusion versions 2018 update 9 and earlier, update to a version later than update 9.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

BDU:2021-00401

CVE-2020-9673

Affected Products

Coldfusion

PT-2020-5385 · Adobe · Coldfusion

CVE-2020-9673

Weakness Enumeration

Related Identifiers

Affected Products

References · 4