Description
ColdFusion RDS Service is enabled and publicly available to any IP address. The service is intended for development use only and must be protected with a strong password.
Remediation
Disable RDS Service in the ColdFusion Administrator.
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-45038)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3542)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.8)
XML external entity injection via File Upload
WordPress Plugin WP Import Export Lite Information Disclosure (3.9.15)