SQL Injection Vulnerability in ESAFENET CDG Product
CVE-2024-10500

8.8HIGH

Key Information:

Vendor: Esafenet
Status: Cdg
Vendor: CVE Published:; 30 October 2024

What is CVE-2024-10500?

A critical vulnerability has been identified in the ESAFENET CDG 5 product, specifically within the HookWhiteListService.java file. This vulnerability is tied to the manipulation of the 'policyId' argument, which allows attackers to execute SQL injection attacks. The remote vulnerability poses a serious risk, enabling unauthorized database access and potential data breaches. Despite early communication regarding this issue, the vendor has not issued a response or mitigation guidance, leaving users at risk.

Affected Version(s)

CDG 5

References

https://vuldb.com/?id.282440

vdb-entrytechnical-description

https://vuldb.com/?ctiid.282440

signaturepermissions-required

https://vuldb.com/?submit.427397

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2024

Credit

0menc (VulDB User)

Esafenet

What is CVE-2024-10500?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit