CVE-2024-31848
CRITICAL NUCLEICData API Server < 23.4.8844 - Path Traversal
Title source: llmDescription
A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.
Exploits (1)
Nuclei Templates (1)
CData API Server < 23.4.8844 - Path Traversal
CRITICALVERIFIEDby pussycat0x
Shodan:
title:"CData - API Server"
Scores
CVSS v3
9.8
EPSS
0.9360
EPSS Percentile
99.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
CData/API Server
< 23.4.8844
Published
Apr 05, 2024
Tracked Since
Feb 18, 2026