Adobe ColdFusion vulnerabilities

207 known vulnerabilities affecting adobe/coldfusion.

Total CVEs: 207
CISA KEV: 16 (actively exploited)
Public exploits: 21
Exploited in wild: 17
Severity breakdown: CRITICAL 55, HIGH 59, MEDIUM 85, LOW 8

Vulnerabilities

Page 6 of 11
CVE-2020-3796 | MEDIUM | CVSS 6.5 | v2016, v2018, +1 more | 2020-06-26
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure.
cvelistv5, nvd
CVE-2020-3794 | CRITICAL | CVSS 9.8 | CWE-829 | v2016, v2018, +1 more | 2020-03-25
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory.
cvelistv5, nvd
CVE-2020-3761 | HIGH | CVSS 7.5 | v2016, v2018, +1 more | 2020-03-25
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory.
cvelistv5, nvd
CVE-2019-8256 | CRITICAL | CVSS 9.8 | CWE-732 | v2018, vUpdate 6 and earlier versions | 2019-12-19
ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation.
cvelistv5, nvd
CVE-2019-8074 | CRITICAL | CVSS 9.8 | CWE-22 | v2016, v2018 | 2019-09-27
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.
nvd
CVE-2019-8073 | CRITICAL | CVSS 9.8 | CWE-77 | v2016, v2018 | 2019-09-27
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.
nvd
CVE-2019-8072 | HIGH | CVSS 7.5 | v2016, v2018 | 2019-09-27
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
nvd
CVE-2019-7840 | CRITICAL | CVSS 9.8 | CWE-502 | v11.0, v2016, +2 more | 2019-06-12
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2019-7839 | CRITICAL | CVSS 9.8 | CWE-77 | v11.0, v2016, +2 more | 2019-06-12
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2019-7838 | CRITICAL | CVSS 9.8 | CWE-434 | v11.0, v2016, +2 more | 2019-06-12
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2019-7816 | CRITICAL | CVSS 9.8 | Exploited | CWE-434 | v11.0, v2016, +2 more | 2019-05-24
ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2019-7091 | CRITICAL | CVSS 9.8 | CWE-502 | v11.0, v2016, +2 more | 2019-05-24
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2019-7092 | MEDIUM | CVSS 6.1 | CWE-79 | v11.0, v2016, +2 more | 2019-05-24
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure.
cvelistv5, nvd
CVE-2018-15959 | CRITICAL | CVSS 9.8 | CWE-502 | v11.0, v2016, +2 more | 2018-09-25
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2018-15958 | CRITICAL | CVSS 9.8 | CWE-502 | v11.0, v2016, +2 more | 2018-09-25
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2018-15961 | CRITICAL | CVSS 9.8 | KEV, PoC | CWE-434 | v11.0, v2016, +2 more | 2018-09-25
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2018-15957 | CRITICAL | CVSS 9.8 | CWE-502 | v11.0, v2016, +2 more | 2018-09-25
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2018-15965 | CRITICAL | CVSS 9.8 | CWE-502 | v11.0, v2016, +2 more | 2018-09-25
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2018-15960 | HIGH | CVSS 7.5 | CWE-20 | v11.0, v2016, +2 more | 2018-09-25
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite.
cvelistv5, nvd
CVE-2018-15964 | HIGH | CVSS 7.5 | CWE-200 | v11.0, v2016, +2 more | 2018-09-25
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure.
cvelistv5, nvd