Sandbox security limits CFML code from being accessed by code outside the sandbox. It was found that CFML templates could invoke ColdFusion components (CFCs) outside its sandbox. There is a hot fix available to fix this issue in ColdFusion MX 7.0.1.
Note: This issue is not fixed in ColdFusion MX 7.0.0. You must upgrade to ColdFusion MX 7.0.1 and then apply the hot fix. Alternatively, you can upgrade to ColdFusion MX 7.0.2, which already includes the fix.
Both ColdFusion MX 7 cumulative and individual hot fixes are installed in the ColdFusion MX Administrator. The installation process is the same for all platforms and installation choices.
ColdFusion MX: Webservices not protected by Sandbox Security (TechNote 6edebba6)