Description
ColdFusion RDS Service is enabled and publicly available to any IP address. The service is intended for development use only and must be protected with a strong password.
Remediation
Disable RDS Service in the ColdFusion Administrator.
References
Related Vulnerabilities
Yoast SEO Information Disclosure (3.2.4)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7531)
Timetable and Event Schedule by MotoPress Information Disclosure (2.3.19)
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7486)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2100)