CVE-2024-10279

Name of the Vulnerable Software and Affected Versions ESAFENET CDG version 5

Description A critical issue has been identified, affecting the /com/esafenet/servlet/policy/PrintPolicyService.java file. The manipulation of the policyId argument leads to SQL injection. This issue can be exploited remotely. The vendor was notified about the disclosure but did not respond.

Recommendations For ESAFENET CDG version 5, as a temporary workaround, consider restricting access to the PrintPolicyService.java file or disabling the manipulation of the policyId argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.