CVE-2020-3796
First published: Fri Jun 26 2020(Updated: )
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe ColdFusion | =2016 | |
| Adobe ColdFusion | =2016-update1 | |
| Adobe ColdFusion | =2016-update10 | |
| Adobe ColdFusion | =2016-update11 | |
| Adobe ColdFusion | =2016-update12 | |
| Adobe ColdFusion | =2016-update13 | |
| Adobe ColdFusion | =2016-update14 | |
| Adobe ColdFusion | =2016-update2 | |
| Adobe ColdFusion | =2016-update3 | |
| Adobe ColdFusion | =2016-update4 | |
| Adobe ColdFusion | =2016-update5 | |
| Adobe ColdFusion | =2016-update6 | |
| Adobe ColdFusion | =2016-update7 | |
| Adobe ColdFusion | =2016-update8 | |
| Adobe ColdFusion | =2016-update9 | |
| Adobe ColdFusion | =2018 | |
| Adobe ColdFusion | =2018-update1 | |
| Adobe ColdFusion | =2018-update2 | |
| Adobe ColdFusion | =2018-update3 | |
| Adobe ColdFusion | =2018-update4 | |
| Adobe ColdFusion | =2018-update5 | |
| Adobe ColdFusion | =2018-update6 | |
| Adobe ColdFusion | =2018-update7 | |
| Adobe ColdFusion | =2018-update8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2020-3796.
Which versions of ColdFusion are affected by this vulnerability?
ColdFusion 2016 and ColdFusion 2018 versions are affected by this vulnerability.
What is the severity level of CVE-2020-3796?
CVE-2020-3796 has a severity level of medium, with a severity value of 6.5.
What is the impact of successful exploitation of this vulnerability?
Successful exploitation of this vulnerability could lead to system file structure disclosure.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the Adobe ColdFusion security advisory page: https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html
- collector/nvd-index
- agent/event
- vendor/adobe
- canonical/adobe coldfusion
- version/adobe coldfusion/2016
- version/adobe coldfusion/2016-update1
- version/adobe coldfusion/2016-update10
- version/adobe coldfusion/2016-update11
- version/adobe coldfusion/2016-update12
- version/adobe coldfusion/2016-update13
- version/adobe coldfusion/2016-update14
- version/adobe coldfusion/2016-update2
- version/adobe coldfusion/2016-update3
- version/adobe coldfusion/2016-update4
- version/adobe coldfusion/2016-update5
- version/adobe coldfusion/2016-update6
- version/adobe coldfusion/2016-update7
- version/adobe coldfusion/2016-update8
- version/adobe coldfusion/2016-update9
- version/adobe coldfusion/2018
- version/adobe coldfusion/2018-update1
- version/adobe coldfusion/2018-update2
- version/adobe coldfusion/2018-update3
- version/adobe coldfusion/2018-update4
- version/adobe coldfusion/2018-update5
- version/adobe coldfusion/2018-update6
- version/adobe coldfusion/2018-update7
- version/adobe coldfusion/2018-update8