CVSS: 8.6EPSS: 91%CPEs: 1EXPL: 1CVE-2024-31851
https://notcve.org/view.php?id=CVE-2024-31851
05 Apr 2024 — A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions. Existe una vulnerabilidad de path traversal en la versión Java de CData Sync < 23.4.8843 cuando se ejecuta utilizando el servidor Jetty integrado, lo que podría permitir que un atacante remoto no autenticado obtenga acceso a información confidencial y reali... • https://github.com/Stuub/CVE-2024-31848-PoC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.6EPSS: 90%CPEs: 1EXPL: 1CVE-2024-31850
https://notcve.org/view.php?id=CVE-2024-31850
05 Apr 2024 — A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions. Existe una vulnerabilidad de path traversal en la versión Java de CData Arc < 23.4.8839 cuando se ejecuta utilizando el servidor Jetty integrado, lo que podría permitir que un atacante remoto no autenticado obtenga acceso a información confidencial y realice... • https://github.com/Stuub/CVE-2024-31848-PoC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 92%CPEs: 1EXPL: 1CVE-2024-31849
https://notcve.org/view.php?id=CVE-2024-31849
05 Apr 2024 — A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. Existe una vulnerabilidad de path traversal en la versión Java de CData Connect < 23.4.8846 cuando se ejecuta utilizando el servidor Jetty integrado, lo que podría permitir que un atacante remoto no autenticado obtenga acceso administrativo completo a la aplicació... • https://github.com/Stuub/CVE-2024-31848-PoC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 92%CPEs: 1EXPL: 1CVE-2024-31848
https://notcve.org/view.php?id=CVE-2024-31848
05 Apr 2024 — A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. Existe una vulnerabilidad de path traversal en la versión Java de CData API Server < 23.4.8844 cuando se ejecuta utilizando el servidor Jetty integrado, lo que podría permitir que un atacante remoto no autenticado obtenga acceso administrativo completo a la apl... • https://github.com/Stuub/CVE-2024-31848-PoC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 88%CPEs: 1EXPL: 1CVE-2023-24243
https://notcve.org/view.php?id=CVE-2023-24243
16 Jun 2023 — CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF). • https://arc.cdata.com • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 140EXPL: 1CVE-2020-29056
https://notcve.org/view.php?id=CVE-2020-29056
24 Nov 2020 — An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration. Se detectó un problema en Dispositivos CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, ... • https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •