Description
Multiple CData products have a path traversal vulnerability when run with the embedded Jetty server. An unauthenticated attacker can bypass authentication with a specially crafted HTTP request and gain access to sensitive information and some administrative endpoints of the system.
Remediation
Upgrade to the latest version of the CData software.