CVE-2020-3796Sensitive Information Exposure in Adobe Coldfusion

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
3.7%
top 11.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedJun 26
Latest updateMay 24

Description

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/coldfusionColdFusion 2016, and ColdFusion 2018 versions
NVDadobe/coldfusion2016, 2018+1

🔴Vulnerability Details

2
GHSA
GHSA-jfj6-q743-j8x2: ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability2022-05-24
CVEList
CVE-2020-3796: ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability2020-06-26
CVE-2020-3796 — Sensitive Information Exposure in Adobe | cvebase