
Scott Buckel

#23594 of 53,632
10 Total CVSS
Vulnerabilities · 1
PT-2013-1353
10
2013-01-04
Adobe · Coldfusion · CVE-2013-0632
**Name of the Vulnerable Software and Affected Versions**

Adobe ColdFusion versions 9.0 through 10

**Description**

The issue is related to the administrator.cfc component in Adobe ColdFusion, which allows remote attackers to bypass authentication and possibly execute arbitrary code. This is achieved by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface. The vulnerability has been exploited in the wild, specifically in January 2013. It is associated with insufficient protection of service data, allowing a remote attacker to bypass security restrictions or execute arbitrary code.

**Recommendations**

For Adobe ColdFusion versions 9.0 through 10, consider disabling access to the RDS component and the administrative web interface until a patch is available. Restrict access to the administrator.cfc component to minimize the risk of exploitation. Avoid using the default empty password for the RDS component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.