Multiple CData Flaws Let Attackers Bypass Security Restrictions


A path traversal vulnerability was discovered in the Java versions of multiple CData products when using the embedded Jetty server, allowing remote attackers to potentially access sensitive information and perform limited actions on the system. 

The vulnerability arises from the interplay between how the embedded Jetty server and CData servlets handle incoming requests, creating a path traversal issue where an attacker can manipulate the path to access unintended directories on the system.

An attacker can exploit a path traversal vulnerability in CData Sync versions before 23.4.8843, which stems from unintended Jetty behavior when processing servlet mappings and security constraints in the web.xml file.

CData Vulnerabilities Bypass Security Restrictions

Jetty’s handling of backslashes () in URIs differs from other servers, allowing attackers to bypass restrictions, while the lack of proper session checks on certain endpoints makes it possible to perform unauthorized actions after exploiting the path traversal.

Document

Stop Advanced Phishing Attack With AI

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by
other email security solutions. .

CData API Server versions prior to 23.4.8844 for Java with the embedded Jetty server are vulnerable to a path traversal attack (CVE-2024-31848), which allows unauthenticated remote attackers to exploit improper path validation to access arbitrary files on the system.  

It could potentially grant complete administrative control of the application, as the Common Vulnerability Scoring System (CVSS) assigns a score of 9.8, reflecting the critical severity of this exploit. 

CData Connect, a Java application running on the embedded Jetty server prior to version 23.4.8846, is vulnerable to a critical path traversal attack (CVE-2024-31849). 

The weakness allows unauthenticated, remote attackers to exploit the application’s directory traversal functionality to gain complete administrative access.

With a CVSS base score of 9.8, vulnerability poses a serious risk and immediate patching is recommended. 

Multiple CData Flaws Let Attackers Bypass Security Restrictions
Regular Request

When using the embedded Jetty server, CData Arc, a Java application with versions prior to 23.4.8839, is vulnerable to a path traversal attack that a remote, unauthenticated attacker can use to access sensitive data and potentially carry out limited actions on the system.  

According to Tenable, the attacker can manipulate the path to access files outside the intended directory structure, expose sensitive data, or allow unauthorized modifications. Z

Multiple CData Flaws Let Attackers Bypass Security Restrictions
With Path Traversal

CData Sync, a data integration software, is vulnerable to a path traversal attack (CVE-2024-31851) when using the embedded Jetty server in its Java version prior to 23.4.8843. 

A remote, unauthenticated attacker could take advantage of this flaw to access sensitive data and potentially carry out limited actions on the system.

The Common Vulnerability Scoring System (CVSS) assigns a base score of 8.6 to this vulnerability, reflecting its high severity. 

The security vulnerability was found in CData products, where accessing “/src/getSettings.rsb” could expose sensitive data, which was disclosed to CData on March 4th, 2024, and acknowledged two days later, while CData released updates to address this vulnerability on March 25th, 2024, and a public advisory was published on April 5th, 2024.

Secure your emails in a heartbeat! Take Trustifi free 30-second assessment and get matched with your ideal email security vendor - Try Here



Source link