CVE-2024-31848

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-31848
A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.tenable.com/security/research/tra-2024-09
Configurations

No configuration.

History

08 Apr 2024, 18:49

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de path traversal en la versión Java de CData API Server &lt; 23.4.8844 cuando se ejecuta utilizando el servidor Jetty integrado, lo que podría permitir que un atacante remoto no autenticado obtenga acceso administrativo completo a la aplicación.

05 Apr 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-05 18:15

Updated : 2024-04-08 18:49

NVD link : CVE-2024-31848

Mitre link : CVE-2024-31848

CVE.ORG link : CVE-2024-31848

JSON object : View

Products Affected

No product.

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')