CVE-2024-10135 – ESAFENET CDG NetSecConfigService.java actionDelNetSecConfig sql injection
https://notcve.org/view.php?id=CVE-2024-10135
19 Oct 2024 — A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects the function actionDelNetSecConfig of the file /com/esafenet/servlet/netSec/NetSecConfigService.java. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. • https://flowus.cn/share/90077815-dc85-42a1-9144-af0002cd0011?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10134 – ESAFENET CDG MultiServerAjax.java connectLogout sql injection
https://notcve.org/view.php?id=CVE-2024-10134
19 Oct 2024 — A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is the function connectLogout of the file /com/esafenet/servlet/ajax/MultiServerAjax.java. The manipulation of the argument servername leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://flowus.cn/share/cf5e5c45-d097-48d4-b33b-54acfa846fe5?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10133 – ESAFENET CDG NetSecPolicyAjax.java updateNetSecPolicyPriority sql injection
https://notcve.org/view.php?id=CVE-2024-10133
19 Oct 2024 — A vulnerability has been found in ESAFENET CDG 5 and classified as critical. Affected by this vulnerability is the function updateNetSecPolicyPriority of the file /com/esafenet/servlet/ajax/NetSecPolicyAjax.java. The manipulation of the argument id/frontId leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://flowus.cn/share/a320073e-a545-419e-bfb5-d6e2b8526433?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10072 – ESAFENET CDG EncryptPolicyService.java actionAddEncryptPolicyGroup sql injection
https://notcve.org/view.php?id=CVE-2024-10072
17 Oct 2024 — A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. This issue affects the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument checklist leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.280721 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10071 – ESAFENET CDG EncryptPolicyService.java actionUpdateEncryptPolicyEdit sql injection
https://notcve.org/view.php?id=CVE-2024-10071
17 Oct 2024 — A vulnerability classified as critical was found in ESAFENET CDG 5. This vulnerability affects the function actionUpdateEncryptPolicyEdit of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument encryptPolicyId leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://flowus.cn/share/d1a29ce2-346c-4a8e-836a-e9533c32fad1?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10070 – ESAFENET CDG PolicyPushControlAction.java actionPolicyPush sql injection
https://notcve.org/view.php?id=CVE-2024-10070
17 Oct 2024 — A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function actionPolicyPush of the file /com/esafenet/policy/action/PolicyPushControlAction.java. The manipulation of the argument policyId leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://flowus.cn/share/b2afb61c-cdbe-4303-b799-f7c82a9643fb?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10069 – ESAFENET CDG MailDecryptApplicationService.java actionPassMainApplication sql injection
https://notcve.org/view.php?id=CVE-2024-10069
17 Oct 2024 — A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function actionPassMainApplication of the file /com/esafenet/servlet/client/MailDecryptApplicationService.java. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. • https://flowus.cn/share/20a4440e-1268-4df1-ab95-8583b450b7c4?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9560 – ESAFENET CDG Catelogs;logindojojs delCatelogs sql injection
https://notcve.org/view.php?id=CVE-2024-9560
06 Oct 2024 — A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to SQL injection. • https://flowus.cn/share/38f64855-27ec-4170-ac78-f29ca595901e?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9536 – ESAFENET CDG MultiServerBackService sql injection
https://notcve.org/view.php?id=CVE-2024-9536
05 Oct 2024 — A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /MultiServerBackService?path=1. The manipulation of the argument fileId leads to SQL injection. • https://flowus.cn/share/3bf197ad-bfc4-4ed5-9f9a-a0aee07ca075?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-46510
https://notcve.org/view.php?id=CVE-2024-46510
30 Sep 2024 — ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface. • https://flowus.cn/share/c7784cff-2840-4761-8d1b-621016b6b1b9?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')