Overview
- Description: A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- Source: cna@vuldb.com
- NVD status: Analyzed
Risk scores
CVSS 4.0
- Type: Secondary
- Base score: 5.3
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: MEDIUM
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
CVSS 2.0
- Type: Secondary
- Base score: 6.5
- Impact score: 6.4
- Exploitability score: 8
- Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- cna@vuldb.com: CWE-89
Social media
- Hype score: Not currently trending
🚨 CVE-2024-10597 (Published: 2024-10-31) - Critical vulnerability in ESAFENET versions exploited. Ensure your systems are updated to the latest version to mitigate risks. For detailed remediation steps, visit: https://t.co/Qzvqg3jpMB. Stay secure! 🔒 #CyberSecurity… https://t.co
@transilienceai
4 Nov 2024
🔒 CVE-2024-10597 (Published: 2024-10-31) affects ESAFENET. This vulnerability impacts specific versions, allowing potential exploitation. To safeguard your systems, ensure you update to the latest version and apply all recommended patches. Stay secure! More info:… https://t.co/1
@transilienceai
4 Nov 2024
CVE-2024-10597 (Published: 2024-10-31) affects ESAFENET. This vulnerability impacts specific versions, allowing potential exploitation. Users are advised to update to the latest version and apply all recommended patches to mitigate risks. Stay secure! More info:… https://t.co/3wD
@transilienceai
4 Nov 2024
🚨 CVE-2024-10597 (Published: 2024-10-31) - A critical vulnerability in ESAFENET VDB-282609 has been identified. Affected versions are at risk! 🔒 Ensure you update to the latest patch to mitigate potential exploits. For more details, visit: https://t.co/Z99EXCOntq #CyberSecurity
@transilienceai
4 Nov 2024
CVE-2024-10597 Critical SQL Injection Vulnerability in ESAFENET CDG 5 Publicly Disclosed A critical vulnerability is present in ESAFENET CDG 5. It affects the function delPolicyAction in the file /com/esafenet/se... https://t.co/SpzDaiFJGl
@VulmonFeeds
1 Nov 2024
CVE-2024-10597 A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActi… https://t.co/3BBQ3cp8UE
@CVEnew
31 Oct 2024
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94F213FF-17EB-4B99-9621-80792AD14A74"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]