CVE-2024-31848

CVSS 9.8 CRITICALEPSS 8.2%CWE-22

Vexday Risk Score

63High priority

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.8EPSS 8.2%KEV nãoPoC públicaNuclei simMetasploit —Patch —

Lifecycle

05 Apr 2024Published on NVD

07 May 2024Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

CData · API Server

public PoCs found — 1

githubgithub.com/Stuub/CVE-2024-31848-PoC★ 18

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.tenable.com/security/research/tra-2024-09