SQL Injection Vulnerability in ESAFENET CDG Product
CVE-2024-10500
8.8 HIGH
What is CVE-2024-10500?
A critical vulnerability has been identified in the ESAFENET CDG 5 product, in the file HookWhiteListService.java. Manipulating the 'policyId' argument allows attackers to execute SQL injection attacks. The vulnerability can be exploited remotely and poses a serious risk, enabling unauthorized database access and potential data breaches. The vendor was contacted early about this issue but has not issued a response or mitigation guidance, leaving users at risk.
Affected Version(s)
CDG 5