CVE-2020-3767Improper Input Validation in Adobe Coldfusion

CWE-20Improper Input Validation3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
2.1%
top 16.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedJun 26
Latest updateMay 24

Description

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/coldfusionColdFusion 2016, and ColdFusion 2018 versions
NVDadobe/coldfusion2016, 2018+1

🔴Vulnerability Details

2
GHSA
GHSA-jp7v-qrg5-7cg7: ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability2022-05-24
CVEList
CVE-2020-3767: ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability2020-06-26
CVE-2020-3767 — Improper Input Validation in Adobe | cvebase