CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10135 – ESAFENET CDG NetSecConfigService.java actionDelNetSecConfig sql injection
https://notcve.org/view.php?id=CVE-2024-10135
19 Oct 2024 — A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects the function actionDelNetSecConfig of the file /com/esafenet/servlet/netSec/NetSecConfigService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. • https://flowus.cn/share/90077815-dc85-42a1-9144-af0002cd0011?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10134 – ESAFENET CDG MultiServerAjax.java connectLogout sql injection
https://notcve.org/view.php?id=CVE-2024-10134
19 Oct 2024 — A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is the function connectLogout of the file /com/esafenet/servlet/ajax/MultiServerAjax.java. The manipulation of the argument servername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://flowus.cn/share/cf5e5c45-d097-48d4-b33b-54acfa846fe5?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10133 – ESAFENET CDG NetSecPolicyAjax.java updateNetSecPolicyPriority sql injection
https://notcve.org/view.php?id=CVE-2024-10133
19 Oct 2024 — A vulnerability has been found in ESAFENET CDG 5 and classified as critical. Affected by this vulnerability is the function updateNetSecPolicyPriority of the file /com/esafenet/servlet/ajax/NetSecPolicyAjax.java. The manipulation of the argument id/frontId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://flowus.cn/share/a320073e-a545-419e-bfb5-d6e2b8526433?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10072 – ESAFENET CDG EncryptPolicyService.java actionAddEncryptPolicyGroup sql injection
https://notcve.org/view.php?id=CVE-2024-10072
17 Oct 2024 — A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. This issue affects the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument checklist leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.280721 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10071 – ESAFENET CDG EncryptPolicyService.java actionUpdateEncryptPolicyEdit sql injection
https://notcve.org/view.php?id=CVE-2024-10071
17 Oct 2024 — A vulnerability classified as critical was found in ESAFENET CDG 5. This vulnerability affects the function actionUpdateEncryptPolicyEdit of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument encryptPolicyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://flowus.cn/share/d1a29ce2-346c-4a8e-836a-e9533c32fad1?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10070 – ESAFENET CDG PolicyPushControlAction.java actionPolicyPush sql injection
https://notcve.org/view.php?id=CVE-2024-10070
17 Oct 2024 — A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function actionPolicyPush of the file /com/esafenet/policy/action/PolicyPushControlAction.java. The manipulation of the argument policyId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://flowus.cn/share/b2afb61c-cdbe-4303-b799-f7c82a9643fb?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10069 – ESAFENET CDG MailDecryptApplicationService.java actionPassMainApplication sql injection
https://notcve.org/view.php?id=CVE-2024-10069
17 Oct 2024 — A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function actionPassMainApplication of the file /com/esafenet/servlet/client/MailDecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. • https://flowus.cn/share/20a4440e-1268-4df1-ab95-8583b450b7c4?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18636
https://notcve.org/view.php?id=CVE-2017-18636
30 Sep 2019 — CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal. CDG hasta el 01-01-2017, permite el salto de directorio de downloadDocument.jsp?command=download&pathAndName=. • http://www.warmeng.com/2017/01/01/CDG-filedown • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •