CVE-2024-12014

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions eSigna product versions 1.0 through 1.5

Description The issue concerns Path Traversal and Insecure Direct Object Reference (IDOR) vulnerabilities in the eSignaViewer component. An unauthenticated attacker can access arbitrary files in the document system by manipulating file paths and object identifiers.

Recommendations For eSigna product versions 1.0 through 1.5, consider restricting access to the eSignaViewer component until a patch is available. As a temporary workaround, limit the manipulation of file paths and object identifiers to prevent unauthorized access to the document system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639CWE-20

Related Identifiers

CVE-2024-12014

Affected Products

Esignal

Esignaviewer

CVE-2024-12014

Weakness Enumeration

Related Identifiers

Affected Products

References · 9