CVE-2017-18636

Name of the Vulnerable Software and Affected Versions CDG versions prior to 2017-01-01

Description The issue allows for directory traversal via the "downloadDocument.jsp" endpoint with the command and pathAndName parameters. Specifically, the "/downloadDocument.jsp?command=download&pathAndName=" API endpoint is vulnerable.

Recommendations For versions prior to 2017-01-01, consider restricting access to the downloadDocument.jsp endpoint until a fix is available. As a temporary workaround, avoid using the pathAndName parameter in the affected endpoint to minimize the risk of exploitation.