Multiple CData Vulnerabilities Let Attackers Bypass Security Restrictions

8 April 2024

A path traversal vulnerability was discovered in the Java versions of multiple CData products when using the embedded Jetty server, allowing remote attackers to potentially access sensitive information and perform limited actions on the system. The vulnerability arises from the interplay between how the embedded Jetty server and CData servlets handle incoming requests, creating a path traversal issue where an attacker can manipulate the path to access unintended directories on the system. An attacker can exploit a path traversal vulnerability in CData Sync versions before 23.4.8843, which stems from unintended Jetty behavior when processing servlet mappings and security constraints in the web.xml file.

Source: GBHackers

Date:

8 April 2024

Categorie(s):

NEWS

Tag(s):

Attackers, Bypass, Cyber Security News, Let, Restrictions

Privacy requests increased 246% in two years6 May 2024
How MFA can improve your online security6 May 2024
Germany points finger at Fancy Bear for widespread 2023 hacks, DDoS attacks6 May 2024
eBook: CISSP fundamentals in focus6 May 2024
These top cybersecurity firms are vital defenders against evolving digital threats in 20246 May 2024