A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function
actionViewDecyptFile
of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input ../../../Windows/System32/drivers/etc/hosts
leads to path traversal: ‘../filedir’.
This vulnerability is known as CVE-2024-10379. The attack can be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
The affected function has a typo and is missing an R.