PT-2024-2869 · Eclipse+1 · Jetty+1

Evan Grant · Published 2024-03-04 · Updated 2024-05-10 · CVE-2024-31850

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P
Name of the Vulnerable Software and Affected Versions

CData Arc versions prior to 23.4.8839

Description

A path traversal vulnerability exists in the Java version of CData Arc when it runs on the embedded Jetty server. This could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions by sending specially crafted HTTP requests. The vulnerability is related to errors in handling relative paths to directories.

Recommendations

For versions prior to 23.4.8839, update to version 23.4.8839 or later to resolve the issue. As a temporary workaround, consider restricting access to the embedded Jetty server until a patch is available. Avoid using the vulnerable server for sensitive operations until the issue is resolved.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2024-03030
CVE-2024-31850

Affected Products

CData Arc
Jetty