Description
Multiple CData products have a path traversal vulnerability when running with the embedded Jetty server. An unauthenticated attacker can bypass authentication with a specially crafted HTTP request and gain access to sensitive information and some administrative endpoints of the system.
Remediation
Upgrade to the latest version of the CData software.