Primary

Context

CData API Server MySQL Misconfiguration Information Disclosure Vulnerability

Vulnerability

A misconfiguration vulnerability allowing information disclosure has been identified in CData API Server. This issue arises from the application's handling of MySQL connections. When connecting to a MySQL server, the server is permitted to request local files from the client. An authenticated attacker can exploit this flaw to access sensitive information, with the disclosure occurring in the context of the NETWORK SERVICE.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information on the affected system.

Remediation

The recommended mitigation strategy is to limit interactions with the product.

Added: Sep 2, 2025, 8:31 PM

Updated: Sep 2, 2025, 8:31 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

CData API Server MySQL Misconfiguration Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating