Description
Multiple CData products have a path traversal vulnerability when running with the embedded Jetty server. An unauthenticated attacker can bypass authentication with a specially crafted HTTP request and gain access to sensitive information and some administrative endpoints of the system.
Remediation
Upgrade to the latest version of the CData software.