SQL Injection Vulnerability in ESAFENET CDG 5 by ESAFENET
CVE-2024-10279

9.8 CRITICAL

Key Information:

Vendor: Esafenet
Status
Vendor
CVE Published: 23 October 2024

Summary

A SQL injection vulnerability exists in ESAFENET CDG version 5, in the PrintPolicyService.java file; the affected code within that file is not specified. Manipulating the 'policyId' argument results in SQL injection, which allows an attacker to execute arbitrary SQL commands against the database. The vulnerability can be exploited remotely, posing significant risk to users and systems relying on ESAFENET CDG 5. The vendor was notified of this vulnerability but has not responded to the disclosure.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published