Overview
- Description: A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function actionPolicyPush of the file /com/esafenet/policy/action/PolicyPushControlAction.java. The manipulation of the argument policyId leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- Source: cna@vuldb.com
- NVD status: Analyzed
Risk scores
CVSS 4.0
- Type: Secondary
- Base score: 5.3
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: MEDIUM
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
CVSS 2.0
- Type: Secondary
- Base score: 6.5
- Impact score: 6.4
- Exploitability score: 8
- Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- cna@vuldb.com: CWE-89
Social media
- Hype score: Not currently trending
🔍🚨 New critical vulnerability detected! CVE-2024-10070 affects the ESAFENET CDG 5 system. This flaw allows a SQL injection attack through the `actionPolicyPush` function in the file `https://t.co/5E1U4ZrmUu`. The attack can be initiated remotely and the… http
@antu_tech
CVE-2024-10070 A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function actionPolicyPush of the file /com/esafenet/policy/action/PolicyPush… https://t.co/kWh8LExDRm
@CVEnew
CVE-2024-10070 Critical SQL Injection in ESAFENET CDG 5 Publicly Disclosed: A critical vulnerability is in ESAFENET CDG 5. It affects the actionPolicyPush function in the file /com/esafenet/policy/action/PolicyPu... https://t.co/gzTkrhmlKp
@VulmonFeeds
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94F213FF-17EB-4B99-9621-80792AD14A74"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]