PT-2025-21276 · Esignal · Esignal

Pablo Alcarria · Published 2025-05-15 · Updated 2025-05-15 · CVE-2025-4762

CVSS v4.0: 2.0 (Low)
Vector: AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions: eSigna versions 1.0 through 1.5
Description: The issue is related to an Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component. This vulnerability allows an unauthenticated attacker to access arbitrary files in the document system by manipulating file paths and object identifiers.
Recommendations: For eSigna versions 1.0 through 1.5, consider restricting access to the eSignaViewer component until a patch is available. As a temporary workaround, limit the manipulation of file paths and object identifiers to prevent unauthorized access to the document system.

Related Identifiers: CVE-2025-4762
Affected Products: Esignal