7.8

CVE-2020-3768

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeColdfusion Version2016 Update-
AdobeColdfusion Version2016 Updateupdate1
AdobeColdfusion Version2016 Updateupdate10
AdobeColdfusion Version2016 Updateupdate11
AdobeColdfusion Version2016 Updateupdate12
AdobeColdfusion Version2016 Updateupdate13
AdobeColdfusion Version2016 Updateupdate14
AdobeColdfusion Version2016 Updateupdate2
AdobeColdfusion Version2016 Updateupdate3
AdobeColdfusion Version2016 Updateupdate4
AdobeColdfusion Version2016 Updateupdate5
AdobeColdfusion Version2016 Updateupdate6
AdobeColdfusion Version2016 Updateupdate7
AdobeColdfusion Version2016 Updateupdate8
AdobeColdfusion Version2016 Updateupdate9
AdobeColdfusion Version2018 Update-
AdobeColdfusion Version2018 Updateupdate1
AdobeColdfusion Version2018 Updateupdate2
AdobeColdfusion Version2018 Updateupdate3
AdobeColdfusion Version2018 Updateupdate4
AdobeColdfusion Version2018 Updateupdate5
AdobeColdfusion Version2018 Updateupdate6
AdobeColdfusion Version2018 Updateupdate7
AdobeColdfusion Version2018 Updateupdate8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.347
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.