PT-2024-30191 · Unknown · Esafenet Cdg

Published 2024-09-05 · Updated 2025-07-03 · CVE-2024-42885

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

ESAFENET CDG versions 5.6 and earlier

Description

The issue allows an attacker to execute arbitrary code via the id parameter of the "data.jsp" page. This is an SQL Injection flaw that can be exploited to gain unauthorized access and execute malicious code.

Recommendations

For ESAFENET CDG versions 5.6 and earlier, consider disabling access to the "data.jsp" page or restricting the use of the id parameter until a patch is available. Avoid using the id parameter in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
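
An added example, not part of the original advisory or of ESAFENET's code: a log triage script that finds requests which reached data.jsp with an id parameter while the page is still exposed. The /app/ path prefix, the access log format and the allow-list for normal id values are assumptions, and the log lines are constructed samples.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: common/combined access log format with a quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: normal id values are short alphanumeric tokens; tune per deployment.
SAFE_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Constructed sample lines; the /app/ prefix is a placeholder, not the product's path.
SAMPLE_LOG = [
    '198.51.100.7 - - [05/Sep/2024:10:00:01 +0000] "GET /app/data.jsp?id=1024 HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Sep/2024:10:00:02 +0000] "GET /app/data.jsp;jsessionid=AB12?id=7%27 HTTP/1.1" 500 87',
    '198.51.100.9 - - [05/Sep/2024:10:00:03 +0000] "GET /app/Data.jsp?ID=7%2527 HTTP/1.1" 200 512',
    '198.51.100.9 - - [05/Sep/2024:10:00:04 +0000] "GET /app/index.jsp?id=7 HTTP/1.1" 200 900',
]

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are seen in clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return None, 'seen' (data.jsp with a plain id) or 'review' (unexpected id)."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # Drop path parameters (;jsessionid=...) and compare case-insensitively.
    path = fully_unquote(parts.path).split(";", 1)[0].lower()
    if not path.endswith("/data.jsp"):
        return None
    # Only query-string ids are visible here; POST bodies are not in access logs.
    ids = [v for k, v in parse_qsl(parts.query, keep_blank_values=True) if k.lower() == "id"]
    if not ids:
        return None
    ok = all(SAFE_ID_RE.fullmatch(fully_unquote(v)) for v in ids)
    return "seen" if ok else "review"

def scan(lines):
    """Return (verdict, line) for every request that reached data.jsp with an id."""
    return [(v, l) for l in lines if (v := classify(l))]

if __name__ == "__main__":
    for verdict, line in scan(SAMPLE_LOG):
        print(verdict, line)
```

Any "seen" hit after access to the page has been disabled means the block is not effective on that route; "review" hits are the ones to correlate with database and application logs.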

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-42885

Affected Products

Esafenet Cdg