PT-2020-6356 · Adobe · Coldfusion

Published

2020-04-14

Updated

2021-07-21

CVE-2020-3796

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions 2016 through 2018

Description The issue is related to improper access control in the Access Control component of the ColdFusion platform, which can be exploited by a remote attacker to gain unauthorized access to the file system. Successful exploitation could lead to system file structure disclosure.

Recommendations For ColdFusion 2016 and 2018, update to a version that includes the fix for this issue to prevent unauthorized access to the file system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2021-04307

CVE-2020-3796

Affected Products

Coldfusion

PT-2020-6356 · Adobe · Coldfusion

CVE-2020-3796

Weakness Enumeration

Related Identifiers

Affected Products

References · 4