CVE-2020-3767

Published: Jun 26, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos).

Affected (24)

Products: Adobe: Coldfusion

Adobe

1 product

Coldfusion

Configuration A

24 vulnerable

Vulnerable Software	Affected Versions
Adobe Coldfusion	Version 2016
Adobe Coldfusion	Version 2016 update10
Adobe Coldfusion	Version 2016 update11
Adobe Coldfusion	Version 2016 update12
Adobe Coldfusion	Version 2016 update13
Adobe Coldfusion	Version 2016 update14
Adobe Coldfusion	Version 2016 update1
Adobe Coldfusion	Version 2016 update2
Adobe Coldfusion	Version 2016 update3
Adobe Coldfusion	Version 2016 update4
Adobe Coldfusion	Version 2016 update5
Adobe Coldfusion	Version 2016 update6
Adobe Coldfusion	Version 2016 update7
Adobe Coldfusion	Version 2016 update8
Adobe Coldfusion	Version 2016 update9
Adobe Coldfusion	Version 2018
Adobe Coldfusion	Version 2018 update1
Adobe Coldfusion	Version 2018 update2
Adobe Coldfusion	Version 2018 update3
Adobe Coldfusion	Version 2018 update4
Adobe Coldfusion	Version 2018 update5
Adobe Coldfusion	Version 2018 update6
Adobe Coldfusion	Version 2018 update7
Adobe Coldfusion	Version 2018 update8

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html

Source: psirt@adobe.com

Vendor Advisory

https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.