ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Coldfusion | Adobe | 2016 (including) | 2016 (including) |
| Coldfusion | Adobe | 2016-update1 (including) | 2016-update1 (including) |
| Coldfusion | Adobe | 2016-update10 (including) | 2016-update10 (including) |
| Coldfusion | Adobe | 2016-update11 (including) | 2016-update11 (including) |
| Coldfusion | Adobe | 2016-update2 (including) | 2016-update2 (including) |
| Coldfusion | Adobe | 2016-update3 (including) | 2016-update3 (including) |
| Coldfusion | Adobe | 2016-update4 (including) | 2016-update4 (including) |
| Coldfusion | Adobe | 2016-update5 (including) | 2016-update5 (including) |
| Coldfusion | Adobe | 2016-update6 (including) | 2016-update6 (including) |
| Coldfusion | Adobe | 2016-update7 (including) | 2016-update7 (including) |
| Coldfusion | Adobe | 2016-update8 (including) | 2016-update8 (including) |
| Coldfusion | Adobe | 2016-update9 (including) | 2016-update9 (including) |
| Coldfusion | Adobe | 2018 (including) | 2018 (including) |
| Coldfusion | Adobe | 2018-update1 (including) | 2018-update1 (including) |
| Coldfusion | Adobe | 2018-update2 (including) | 2018-update2 (including) |
| Coldfusion | Adobe | 2018-update3 (including) | 2018-update3 (including) |
| Coldfusion | Adobe | 2018-update4 (including) | 2018-update4 (including) |