PT-2024-21397 · Netentsec · Netentsec Ns-Asg Application Security Gateway

18070802606 · Published 2024-03-19 · Updated 2025-01-30 · CVE-2024-2648

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Netentsec NS-ASG Application Security Gateway version 6.3

Description: A problematic issue was found in the affected software, where an unknown function of the file /nac/naccheck.php is impacted. Manipulation of the username argument leads to improper neutralization of data within XPath expressions. This allows for a remote attack. The issue has been publicly disclosed and may be exploited.

Recommendations: Netentsec NS-ASG Application Security Gateway version 6.3: Update the software to a version where this issue is resolved, or apply a patch if provided by the vendor to fix the improper neutralization of data within XPath expressions. As a temporary workaround, consider restricting access to the /nac/naccheck.php file or disabling the unknown function impacted by this issue until a patch is available. Avoid using the username argument in the affected function until the issue is resolved.

Exploit

Fix

Weakness Enumeration

Related Identifiers: CVE-2024-2648

Affected Products: Netentsec Ns-Asg Application Security Gateway