CVE-2024-31850
published 2024-04-05

Priority: P2 (65), high
CVSS 3.1 base score: 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
EXPLOIT
EPSS: 3.04% (85.9th percentile)
A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.

Affected (1 range)

Vendor   Product   Version range   Fixed in
cdata    arc       < 23.4.8839     23.4.8839

Detection & IOCs (extracted from sources)

path: /src/getSettings.rsb
cookie: apiserver_jsessionid
  • Detect path traversal attempts using backslash characters in URI targeting CData Arc; look for requests containing '/..' and '\src\' patterns in the URL path, which Jetty does not reject unlike Tomcat.
  • Alert on HTTP 200 responses to requests for '/ui/..\src\getSettings.rsb?@json' — a successful exploit returns Content-Type: application/json with body containing 'items', 'true', and 'notifyemail'.
  • The exploit bypasses security constraints defined in web.xml by routing through the /ui/ path prefix combined with backslash-based directory traversal; monitor servlet access logs for /ui/ requests resolving to /src/ endpoints.
  • Vulnerability only affects the Java version of CData Arc when deployed with the embedded Jetty server; deployments on Tomcat are NOT vulnerable as Tomcat rejects backslash characters in URIs.
  • Only CData Arc versions below 23.4.8839 are affected; patched versions mitigate the issue.
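As an added example (not part of the source record), a small Python detector that applies the rules above to constructed access-log lines: it folds literal and percent-encoded backslashes to slashes so the Jetty-only '\' traversal is matched, flags /ui/ requests that resolve into /src/, and escalates to 'success' when the response was HTTP 200 with application/json. The log format (method, path, status, content type) and all sample lines are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real traffic):
# method, raw request target, status, response content type.
SAMPLE_LOG = [
    'GET /ui/login.rst 200 text/html',
    'GET /ui/..\\src\\getSettings.rsb?@json 200 application/json',
    'GET /ui/..%5Csrc%5CgetSettings.rsb?@json 200 application/json',
    'GET /ui/..\\src\\getSettings.rsb?@json 403 text/html',
    'GET /src/getSettings.rsb 401 text/html',
]

# Assumed simplified log layout; adapt the regex to the real server format.
LOG_RE = re.compile(r'^(?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) (?P<ctype>\S+)$')

def normalize_path(raw):
    """Percent-decode the request target and fold backslashes to slashes, so a
    Jetty-style '\\' traversal and its '%5C' encoding compare the same way."""
    return unquote(raw).replace('\\', '/')

def classify(line):
    """Return None for benign lines, 'attempt' for backslash traversal from /ui/
    into /src/, and 'success' when such a request got HTTP 200 with JSON."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw = m.group('path')
    # Backslash traversal is the Jetty-specific signal the advisory describes;
    # Tomcat rejects these characters outright, so they should not appear at all.
    has_backslash = '\\' in raw or '%5c' in raw.lower()
    norm = normalize_path(raw).split('?', 1)[0]
    traverses_to_src = norm.startswith('/ui/') and '/..' in norm and '/src/' in norm
    if not (has_backslash and traverses_to_src):
        return None
    if m.group('status') == '200' and m.group('ctype').startswith('application/json'):
        return 'success'
    return 'attempt'

def scan(lines):
    """Map each flagged line to its verdict; benign lines are omitted."""
    return {line: v for line in lines if (v := classify(line)) is not None}
```

A 'success' verdict is the one to page on: it matches the Content-Type the bullets above describe for a successful request, whereas 'attempt' covers blocked or failed probes.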