CVE-2024-10071 | ESAFENET CDG 5 EncryptPolicyService.java actionUpdateEncryptPolicyEdit encryptPolicyId sql injection

Inserito da Angelo Barbosa | Ott 17, 2024 | CVE

A vulnerability classified as critical was found in ESAFENET CDG 5. This vulnerability affects the function actionUpdateEncryptPolicyEdit of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument encryptPolicyId leads to sql injection.

This vulnerability was named CVE-2024-10071. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10071 | ESAFENET CDG 5 EncryptPolicyService.java actionUpdateEncryptPolicyEdit encryptPolicyId sql injection

Post correlati

CVE-2024-39435 | Unisoc S8000 Logmanager Service Local Privilege Escalation

CVE-2024-41611 | D-Link DIR-860L 1.10 Telnet Service hard-coded credentials

CVE-2024-39165 | Asial JpGraph Professional up to 4.2.6-pro QR/demoapp/qr_image.php data Privilege Escalation

CVE-2024-25922 | Peach Payments Gateway Plugin up to 3.1.9 on WordPress authorization