PT-2024-2868 · Eclipse+1 · Jetty+1

Evan Grant · Published 2024-03-04 · Updated 2024-05-10 · CVE-2024-31849

CVSS v2.0 · 10 · Critical

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

CData Connect versions prior to 23.4.8846

Description

A path traversal vulnerability exists in the Java version of CData Connect when it is run with the embedded Jetty server. This could allow an unauthenticated remote attacker to gain complete administrative access to the application by sending specially crafted HTTP requests, potentially allowing them to elevate their privileges.

Recommendations

For versions prior to 23.4.8846, update to version 23.4.8846 or later to resolve the issue. As a temporary workaround, consider restricting access to the embedded Jetty server until a patch is applied.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2024-03029
CVE-2024-31849

Affected Products

CData Connect
Jetty