CVE-2020-3796

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure.

Published: Jun 26, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-3796
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
adobe / coldfusion	2018	2018.x
adobe / coldfusion	2016	2016.x
adobe / coldfusion	2016-update1	2016-update1.x
adobe / coldfusion	2016-update10	2016-update10.x
adobe / coldfusion	2016-update11	2016-update11.x
adobe / coldfusion	2016-update12	2016-update12.x
adobe / coldfusion	2016-update13	2016-update13.x
adobe / coldfusion	2016-update14	2016-update14.x
adobe / coldfusion	2016-update2	2016-update2.x
adobe / coldfusion	2016-update3	2016-update3.x
adobe / coldfusion	2016-update4	2016-update4.x
adobe / coldfusion	2016-update5	2016-update5.x
adobe / coldfusion	2016-update6	2016-update6.x
adobe / coldfusion	2016-update7	2016-update7.x
adobe / coldfusion	2016-update8	2016-update8.x
adobe / coldfusion	2016-update9	2016-update9.x
adobe / coldfusion	2018-update1	2018-update1.x
adobe / coldfusion	2018-update2	2018-update2.x
adobe / coldfusion	2018-update3	2018-update3.x
adobe / coldfusion	2018-update4	2018-update4.x
adobe / coldfusion	2018-update5	2018-update5.x
adobe / coldfusion	2018-update6	2018-update6.x
adobe / coldfusion	2018-update7	2018-update7.x
adobe / coldfusion	2018-update8	2018-update8.x

https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html

Vulnerability Database

289,697

CVE-2020-3796