Description
Multiple CData products have a path traversal vulnerability when running with the embedded Jetty server. An unauthenticated attacker can bypass authentication with a specially crafted HTTP request and gain access to sensitive information and some administrative endpoints of the system.
Remediation
Upgrade to the latest version of the CData software.