CVE-2024-10069 | ESAFENET CDG 5 MailDecryptApplicationService.java actionPassMainApplication id sql injection

Inserito da Angelo Barbosa | Ott 17, 2024 | CVE

A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function actionPassMainApplication of the file /com/esafenet/servlet/client/MailDecryptApplicationService.java. The manipulation of the argument id leads to sql injection.

This vulnerability is handled as CVE-2024-10069. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10069 | ESAFENET CDG 5 MailDecryptApplicationService.java actionPassMainApplication id sql injection

Post correlati

CVE-2024-6446 | GitLab up to 17.1.6/17.2.4/17.3.1 URL logic error (Issue 470144)

CVE-2024-41173 | Beckhoff IPC Diagnostics Package/TwinCAT BSD authentication bypass (VDE-2024-045)

CVE-2023-52604 | Linux Kernel up to 6.7.3 UBSAN fs/jfs/jfs_dmap.c denial of service

CVE-2024-38481 | Dell iDRAC Service Module up to 5.3.0.0 out-of-bounds (dsa-2024-086)