ColdFusion JNDI injection RCE

Description
  • ColdFusion allows an unauthenticated user to connect to any LDAP server. An attacker can exploit it to achieve remote code execution.
Remediation
  • Upgrade to the latest version of ColdFusion.
References