Unauthenticated Remote Access Vulnerability in Java Version of CData API Server
CVE-2024-31848

Currently unrated

Key Information:

Vendor
CVE Published:
5 April 2024

Badges

👾 Exploit Exists · 🟡 Public PoC · 🟣 EPSS 93% · 📰 News Worthy

What is CVE-2024-31848?

CVE-2024-31848 is a path traversal vulnerability in the Java version of CData API Server < 23.4.8844 when run with the embedded Jetty server. It could allow an unauthenticated remote attacker to gain complete administrative access to the application. A remote unauthenticated attacker could exploit this vulnerability to read sensitive information from arbitrary files located on the file system of the server. Exploitation poses a significant risk, and organizations using CData API Server < 23.4.8844 are urged to upgrade to the latest version to mitigate the risk of unauthorized access to and control over affected systems. The potential impact includes data breaches, system compromise, and potential spread of malware. No known ransomware groups have exploited this vulnerability.


Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

CData API Server < 23.4.8844 - Path Traversal (CVE-2024-31848)

The risk exists that a remote unauthenticated attacker could exploit this vulnerability to read sensitive information from arbitrary files located on the file system of the server.

References

EPSS Score

93% chance of being exploited in the next 30 days.

Timeline

  • 📰 First article discovered by Pentest-Tools.com

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published
