Multiple CData Vulnerabilities Let Attackers Bypass Security Restrictions

A path traversal vulnerability was discovered in the Java versions of multiple CData products when using the embedded Jetty server, allowing remote attackers to potentially access sensitive information and perform limited actions on the system. 

The vulnerability arises from the interplay between how the embedded Jetty server and CData servlets handle incoming requests, creating a path traversal issue where an attacker can manipulate the path to access unintended directories on the system.

An attacker can exploit a path traversal vulnerability in CData Sync versions before 23.4.8843, which stems from unintended Jetty behavior when processing servlet mappings and security constraints in the web.xml file.

CData Vulnerabilities Bypass Security Restrictions

Jetty’s handling of backslashes (\) in URIs differs from other servers, allowing attackers to bypass restrictions, while the lack of proper session checks on certain endpoints makes it possible to perform unauthorized actions after exploiting the path traversal.

Document
Stop Advanced Phishing Attack With AI

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .

CData API Server versions prior to 23.4.8844 for Java with the embedded Jetty server are vulnerable to a path traversal attack (CVE-2024-31848), which allows unauthenticated remote attackers to exploit improper path validation to access arbitrary files on the system.  

It could potentially grant complete administrative control of the application, as the Common Vulnerability Scoring System (CVSS) assigns a score of 9.8, reflecting the critical severity of this exploit. 

CData Connect, a Java application running on the embedded Jetty server prior to version 23.4.8846, is vulnerable to a critical path traversal attack (CVE-2024-31849). 

The weakness allows unauthenticated, remote attackers to exploit the application’s directory traversal functionality to gain complete administrative access.

With a CVSS base score of 9.8, vulnerability poses a serious risk and immediate patching is recommended. 

Regular Request

When using the embedded Jetty server, CData Arc, a Java application with versions prior to 23.4.8839, is vulnerable to a path traversal attack that a remote, unauthenticated attacker can use to access sensitive data and potentially carry out limited actions on the system.  

According to Tenable, the attacker can manipulate the path to access files outside the intended directory structure, expose sensitive data, or allow unauthorized modifications. Z

With Path Traversal

CData Sync, a data integration software, is vulnerable to a path traversal attack (CVE-2024-31851) when using the embedded Jetty server in its Java version prior to 23.4.8843. 

A remote, unauthenticated attacker could take advantage of this flaw to access sensitive data and potentially carry out limited actions on the system.

The Common Vulnerability Scoring System (CVSS) assigns a base score of 8.6 to this vulnerability, reflecting its high severity. 

The security vulnerability was found in CData products, where accessing “/src/getSettings.rsb” could expose sensitive data, which was disclosed to CData on March 4th, 2024, and acknowledged two days later, while CData released updates to address this vulnerability on March 25th, 2024, and a public advisory was published on April 5th, 2024.

Secure your emails in a heartbeat! Take Trustifi free 30-second assessment and get matched with your ideal email security vendor - Try Here
Eswar

Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Resecurity introduces Government Security Operations Center (GSOC) at NATO Edge 2024

Resecurity, a global leader in cybersecurity solutions, unveiled its advanced Government Security Operations Center (GSOC)…

13 hours ago

Reserachers Uncovered Zloader DNS Tunneling Tactics For Stealthy C2 Communication

Zloader, a sophisticated Trojan, has recently evolved with features that enhance its stealth and destructive…

13 hours ago

US Charged Chinese Hackers for Exploiting Thousands of Firewall

The US Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned Sichuan Silence Information…

13 hours ago

DMD Diamond Launches Open Beta for v4 Blockchain Ahead of 2025 Mainnet

DMD Diamond - one of the oldest blockchain projects in the space has announced the start…

13 hours ago

Hackers Deploy Weaponized LNK Files for Malicious Payload Delivery

Researchers reported a phishing attack on December 4th, 2024, where malicious emails purportedly from the…

13 hours ago

APT-C-60 Hackers Penetrate Org’s Network Using a Weapanized Google Drive link

The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has confirmed an advanced cyber attack…

15 hours ago