CData Jetty Path Traversal (CVE-2024-31848/CVE-2024-31849/CVE-2024-31850/CVE-2024-31851)
Description
Multiple CData products have a path traversal vulnerability, when running using the embedded Jetty server. An unauthenticated attacker can bypass the authentication with a specially crafted HTTP request and get access to sensitive information and some administrative endpoints of the system.
Remediation
Upgrade to the latest version of CData software