Privilege Escalation Vulnerability in Adobe ColdFusion Software
CVE-2020-9672

7.8 HIGH

Key Information:

Vendor: Adobe
CVE Published: 17 July 2020

Summary

Adobe ColdFusion versions 2016 update 15 and earlier, as well as 2018 update 9 and earlier, are susceptible to a DLL search-order hijacking vulnerability. This security flaw allows an attacker to manipulate the search order for dynamic-link libraries, potentially leading to unauthorized privilege escalation. Organizations using these outdated versions are advised to apply the necessary updates promptly to mitigate the associated risks.

Affected Version(s)

Adobe ColdFusion 2016 update 15 and earlier versions

Adobe ColdFusion 2018 update 9 and earlier versions

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
