DLL Search-Order Hijacking in Adobe ColdFusion Products
CVE-2020-9673
7.8 HIGH
Key Information:
- Vendor: Adobe
- CVE Published: 17 July 2020
Summary
Adobe ColdFusion versions 2016 and earlier, along with ColdFusion 2018 up to update 9, are susceptible to a DLL search-order hijacking vulnerability. Successful exploitation can lead to privilege escalation. The vulnerability arises from improper handling of DLLs: when a library is resolved through the DLL search order, a DLL placed in a directory that is searched before the intended one is loaded in its place, and its code runs in the context of the loading process. Organizations using these versions of ColdFusion should assess their systems and consider applying the updates or mitigations outlined by Adobe.
Affected Version(s)
Adobe ColdFusion 2016 update 15 and earlier versions
Adobe ColdFusion 2018 update 9 and earlier versions
CVSS V3.1
- Score: 7.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged