Filtered by vendor Adobe Subscriptions
Filtered by product Coldfusion Subscriptions
Total 151 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-40698 1 Adobe 1 Coldfusion 2024-11-21 7.4 High
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass  . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.
CVE-2021-21087 1 Adobe 1 Coldfusion 2024-11-21 5.4 Medium
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.
CVE-2020-9673 1 Adobe 1 Coldfusion 2024-11-21 7.8 High
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2020-9672 1 Adobe 1 Coldfusion 2024-11-21 7.8 High
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2020-3796 1 Adobe 1 Coldfusion 2024-11-21 6.5 Medium
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure.
CVE-2020-3794 1 Adobe 1 Coldfusion 2024-11-21 9.8 Critical
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory.
CVE-2020-3768 1 Adobe 1 Coldfusion 2024-11-21 7.8 High
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2020-3767 1 Adobe 1 Coldfusion 2024-11-21 6.5 Medium
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos).
CVE-2020-3761 1 Adobe 1 Coldfusion 2024-11-21 7.5 High
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory.
CVE-2020-10145 1 Adobe 1 Coldfusion 2024-11-21 7.8 High
The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability.
CVE-2019-8256 1 Adobe 1 Coldfusion 2024-11-21 9.8 Critical
ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2019-8074 1 Adobe 1 Coldfusion 2024-11-21 9.8 Critical
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.
CVE-2019-8073 1 Adobe 1 Coldfusion 2024-11-21 9.8 Critical
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.
CVE-2019-8072 1 Adobe 1 Coldfusion 2024-11-21 7.5 High
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-7840 1 Adobe 1 Coldfusion 2024-11-21 N/A
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7839 1 Adobe 1 Coldfusion 2024-11-21 N/A
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7838 1 Adobe 1 Coldfusion 2024-11-21 N/A
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7816 1 Adobe 1 Coldfusion 2024-11-21 N/A
ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7092 1 Adobe 1 Coldfusion 2024-11-21 N/A
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure .
CVE-2019-7091 1 Adobe 1 Coldfusion 2024-11-21 N/A
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.