Description
The ColdFusion Administrator login page is publicly accessible from any IP address. Good security practice is to limit access to this page to localhost or a list of fixed IP addresses.
Remediation
Limit access to the ColdFusion Administrator Login Page to localhost or a list of fixed IP addresses.
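One way to check that the restriction is actually in effect, as an added example that is not part of the original advisory: the script below scans web-server access-log lines for Administrator requests that were served to clients outside the allowlist. It assumes the default `/CFIDE/administrator` path and the common/combined log format; the allowlist and the log lines are constructed.

```python
import ipaddress
import re

# Assumption: the Administrator is served at ColdFusion's default path.
ADMIN_PREFIX = "/cfide/administrator"

# Constructed allowlist: loopback plus one fixed admin workstation.
ALLOWED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "203.0.113.10/32")]

# Common/combined log format: client IP, method, path, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '127.0.0.1 - - [10/Mar/2024:09:00:01 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '203.0.113.10 - - [10/Mar/2024:09:02:13 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '198.51.100.77 - - [10/Mar/2024:09:05:40 +0000] "GET /cfide/administrator/index.cfm HTTP/1.1" 200 5120',
    '198.51.100.78 - - [10/Mar/2024:09:06:02 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 403 199',
    '198.51.100.77 - - [10/Mar/2024:09:07:00 +0000] "GET /index.cfm HTTP/1.1" 200 812',
]

def is_allowed(ip_text):
    """True if the client address falls inside one of the allowlisted networks."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in ALLOWED)

def exposed_admin_hits(lines):
    """Return (ip, path, status) for Administrator requests answered with
    anything other than 403/404 to a client outside the allowlist."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        ip, _method, path, status = m.groups()
        if not path.lower().startswith(ADMIN_PREFIX):
            continue  # URL paths are matched case-insensitively
        try:
            allowed = is_allowed(ip)
        except ValueError:  # log holds a hostname, not an IP: treat as untrusted
            allowed = False
        if not allowed and status not in ("403", "404"):
            hits.append((ip, path, int(status)))
    return hits

if __name__ == "__main__":
    for hit in exposed_admin_hits(SAMPLE_LOG):
        print("Administrator reachable from non-allowlisted client:", hit)
```

An empty result over a representative log window indicates the restriction is being enforced for the traffic that was logged.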