PT-2024-16394 · Safenet · Esafenet Cdg 5

Published: 2024-10-31
Updated: 2024-11-06
CVE-2024-10597
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG 5

Description: A critical vulnerability has been found in ESAFENET CDG 5, affecting the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. Manipulation of the argument id leads to SQL injection. The attack can be initiated remotely.

Recommendations: To mitigate the risk, update to the latest version and apply all recommended patches. As a temporary workaround, consider restricting access to the vulnerable function delPolicyAction until a patch is available.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2024-10597

Affected Products: Esafenet Cdg 5