CVE-2024-31851

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published Apr 5, 2024

Updated: Apr 8, 2024

CWE ID 22

Summary

CVE-2024-31851 is a newly disclosed vulnerability affecting the Java version of CData Sync below 23.4.8843 when using the embedded Jetty server. This issue involves a path traversal weakness, enabling unauthenticated remote attackers to access sensitive data and execute limited actions. This vulnerability poses a significant risk, as it allows unauthorized users to bypass security restrictions and potentially gain unauthorized access to crucial information. The Java version of CData Sync is advised to be updated to the latest version, 23.4.8843, to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vN1qgX
https://www.cve.org/CVERecord?id=CVE-2024-31851
https://nvd.nist.gov/vuln/detail/CVE-2024-31851

Back to Vulnerability Database

CVE-2024-31851

CVSS 3.1 Score 8.6 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations