Description
The ColdFusion RDS service is enabled and publicly accessible from any IP address. The service is intended for development use only and must be protected with a strong password.
Remediation
Disable the RDS service in the ColdFusion Administrator.