Description
The ColdFusion Administrator login page is publicly accessible from any IP address. Good security practice is to limit access to this page to localhost or a list of fixed IP addresses.
Remediation
Limit access to the ColdFusion Administrator Login Page to localhost or a list of fixed IP addresses.
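One way to apply this restriction, shown as an added example that is not part of the original advisory. It assumes ColdFusion is fronted by Apache HTTP Server 2.4 and that the Administrator is served under the default `/CFIDE/administrator` path; `203.0.113.10` is a constructed placeholder address.

```apache
# Added example. Assumptions: Apache 2.4 front end, default Administrator path.
# Without a rule like this, any client IP can request the login page.
# (?i) makes the match case-insensitive, so /cfide/administrator is covered too.
<LocationMatch "(?i)^/CFIDE/administrator">
    <RequireAny>
        # Loopback clients (127.0.0.0/8, ::1)
        Require local
        # Constructed placeholder: replace with your fixed admin IPs or CIDR ranges
        Require ip 203.0.113.10
    </RequireAny>
</LocationMatch>
```

Requests from any other address receive a 403 response before they reach ColdFusion. Any other listener that serves the Administrator directly, such as ColdFusion's built-in web server, is not covered by this Apache rule and needs its own restriction.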