What is CVE-2020-3768?

CVE-2020-3768 is a vulnerability in ColdFusion versions ColdFusion 2016 and ColdFusion 2018 that allows for dll search-order hijacking and can lead to privilege escalation.

How severe is CVE-2020-3768?

CVE-2020-3768 has a severity score of 7.8 (high).

What is the affected software for CVE-2020-3768?

The affected software for CVE-2020-3768 includes ColdFusion 2016 and ColdFusion 2018.

How can CVE-2020-3768 be fixed?

To fix CVE-2020-3768, it is recommended to update to the latest version of ColdFusion 2016 or ColdFusion 2018 as provided by Adobe.

Where can I find more information about CVE-2020-3768?

More information about CVE-2020-3768 can be found at the following link: [https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html]

Vulnerability/
CVE-2020-3768

high

7.8

CWE

426

26/6/2020

4/8/2024

CVE-2020-3768

First published: Fri Jun 26 2020(Updated: )

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe ColdFusion	=2016
Adobe ColdFusion	=2016-update1
Adobe ColdFusion	=2016-update10
Adobe ColdFusion	=2016-update11
Adobe ColdFusion	=2016-update12
Adobe ColdFusion	=2016-update13
Adobe ColdFusion	=2016-update14
Adobe ColdFusion	=2016-update2
Adobe ColdFusion	=2016-update3
Adobe ColdFusion	=2016-update4
Adobe ColdFusion	=2016-update5
Adobe ColdFusion	=2016-update6
Adobe ColdFusion	=2016-update7
Adobe ColdFusion	=2016-update8
Adobe ColdFusion	=2016-update9
Adobe ColdFusion	=2018
Adobe ColdFusion	=2018-update1
Adobe ColdFusion	=2018-update2
Adobe ColdFusion	=2018-update3
Adobe ColdFusion	=2018-update4
Adobe ColdFusion	=2018-update5
Adobe ColdFusion	=2018-update6
Adobe ColdFusion	=2018-update7
Adobe ColdFusion	=2018-update8

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html

Frequently Asked Questions

What is CVE-2020-3768?
CVE-2020-3768 is a vulnerability in ColdFusion versions ColdFusion 2016 and ColdFusion 2018 that allows for dll search-order hijacking and can lead to privilege escalation.
How severe is CVE-2020-3768?
CVE-2020-3768 has a severity score of 7.8 (high).
What is the affected software for CVE-2020-3768?
The affected software for CVE-2020-3768 includes ColdFusion 2016 and ColdFusion 2018.
How can CVE-2020-3768 be fixed?
To fix CVE-2020-3768, it is recommended to update to the latest version of ColdFusion 2016 or ColdFusion 2018 as provided by Adobe.
Where can I find more information about CVE-2020-3768?
More information about CVE-2020-3768 can be found at the following link: [https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html]

collector/nvd-index
agent/severity
agent/author
agent/weakness
agent/references
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/type
agent/description
agent/event
agent/tags
collector/mitre-cve
source/MITRE
vendor/adobe
canonical/adobe coldfusion
version/adobe coldfusion/2016
version/adobe coldfusion/2016-update1
version/adobe coldfusion/2016-update10
version/adobe coldfusion/2016-update11
version/adobe coldfusion/2016-update12
version/adobe coldfusion/2016-update13
version/adobe coldfusion/2016-update14
version/adobe coldfusion/2016-update2
version/adobe coldfusion/2016-update3
version/adobe coldfusion/2016-update4
version/adobe coldfusion/2016-update5
version/adobe coldfusion/2016-update6
version/adobe coldfusion/2016-update7
version/adobe coldfusion/2016-update8
version/adobe coldfusion/2016-update9
version/adobe coldfusion/2018
version/adobe coldfusion/2018-update1
version/adobe coldfusion/2018-update2
version/adobe coldfusion/2018-update3
version/adobe coldfusion/2018-update4
version/adobe coldfusion/2018-update5
version/adobe coldfusion/2018-update6
version/adobe coldfusion/2018-update7
version/adobe coldfusion/2018-update8