CVE-2020-9673

Summary

Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.

Affected Software

VendorProductVersion RangeStatus
AdobeAdobe ColdFusion 2016update 15 and earlier versionsaffected
AdobeAdobe ColdFusion 2018update 9 and earlier versionsaffected

Weaknesses

  • DLL search-order hijacking

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References