CVE-2019-8074

Published: Sep 27, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.

Affected (17)

Products: Adobe: Coldfusion

Adobe

1 product

Coldfusion

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Adobe Coldfusion	Version 2016
Adobe Coldfusion	Version 2016 update10
Adobe Coldfusion	Version 2016 update11
Adobe Coldfusion	Version 2016 update1
Adobe Coldfusion	Version 2016 update2
Adobe Coldfusion	Version 2016 update3
Adobe Coldfusion	Version 2016 update4
Adobe Coldfusion	Version 2016 update5
Adobe Coldfusion	Version 2016 update6
Adobe Coldfusion	Version 2016 update7
Adobe Coldfusion	Version 2016 update8
Adobe Coldfusion	Version 2016 update9
Adobe Coldfusion	Version 2018
Adobe Coldfusion	Version 2018 update1
Adobe Coldfusion	Version 2018 update2
Adobe Coldfusion	Version 2018 update3
Adobe Coldfusion	Version 2018 update4

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html

Source: psirt@adobe.com

Vendor Advisory

https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.