CVE-2020-3761

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory.

Published: Mar 25, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-3761
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
adobe / coldfusion	2018	2018.x
adobe / coldfusion	2016	2016.x
adobe / coldfusion	2016-update1	2016-update1.x
adobe / coldfusion	2016-update10	2016-update10.x
adobe / coldfusion	2016-update11	2016-update11.x
adobe / coldfusion	2016-update12	2016-update12.x
adobe / coldfusion	2016-update13	2016-update13.x
adobe / coldfusion	2016-update2	2016-update2.x
adobe / coldfusion	2016-update3	2016-update3.x
adobe / coldfusion	2016-update4	2016-update4.x
adobe / coldfusion	2016-update5	2016-update5.x
adobe / coldfusion	2016-update6	2016-update6.x
adobe / coldfusion	2016-update7	2016-update7.x
adobe / coldfusion	2016-update8	2016-update8.x
adobe / coldfusion	2016-update9	2016-update9.x
adobe / coldfusion	2018-update1	2018-update1.x
adobe / coldfusion	2018-update2	2018-update2.x
adobe / coldfusion	2018-update3	2018-update3.x
adobe / coldfusion	2018-update4	2018-update4.x
adobe / coldfusion	2018-update5	2018-update5.x
adobe / coldfusion	2018-update6	2018-update6.x
adobe / coldfusion	2018-update7	2018-update7.x

https://helpx.adobe.com/security/products/coldfusion/apsb20-16.html

Vulnerability Database

289,784

CVE-2020-3761