CVE-2020-9673

Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.

Published: Jul 17, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-9673
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-426

Affected Software
References

Software	From	Fixed in
adobe / coldfusion	2018	2018.x
adobe / coldfusion	2016	2016.x
adobe / coldfusion	2016-update1	2016-update1.x
adobe / coldfusion	2016-update10	2016-update10.x
adobe / coldfusion	2016-update11	2016-update11.x
adobe / coldfusion	2016-update12	2016-update12.x
adobe / coldfusion	2016-update13	2016-update13.x
adobe / coldfusion	2016-update14	2016-update14.x
adobe / coldfusion	2016-update15	2016-update15.x
adobe / coldfusion	2016-update2	2016-update2.x
adobe / coldfusion	2016-update3	2016-update3.x
adobe / coldfusion	2016-update4	2016-update4.x
adobe / coldfusion	2016-update5	2016-update5.x
adobe / coldfusion	2016-update6	2016-update6.x
adobe / coldfusion	2016-update7	2016-update7.x
adobe / coldfusion	2016-update8	2016-update8.x
adobe / coldfusion	2016-update9	2016-update9.x
adobe / coldfusion	2018-update1	2018-update1.x
adobe / coldfusion	2018-update2	2018-update2.x
adobe / coldfusion	2018-update3	2018-update3.x
adobe / coldfusion	2018-update4	2018-update4.x
adobe / coldfusion	2018-update5	2018-update5.x
adobe / coldfusion	2018-update6	2018-update6.x
adobe / coldfusion	2018-update7	2018-update7.x
adobe / coldfusion	2018-update8	2018-update8.x
adobe / coldfusion	2018-update9	2018-update9.x

https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html

Vulnerability Database

289,697

CVE-2020-9673