Description
A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input ../../../Windows/System32/drivers/etc/hosts leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected function has a typo and is missing an R. The vendor was contacted early about this disclosure but did not respond in any way.
In ESAFENET CDG 5 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es die Funktion actionViewDecyptFile der Datei /com/esafenet/servlet/client/DecryptApplicationService.java. Dank der Manipulation des Arguments decryptFileId mit der Eingabe ../../../Windows/System32/drivers/etc/hosts mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
Problem types
Product status
Timeline
| 2024-10-25: | Advisory disclosed |
| 2024-10-25: | VulDB entry created |
| 2024-10-25: | VulDB entry last update |
Credits
0menc (VulDB User)
References
vuldb.com/?id.281809 (VDB-281809 | ESAFENET CDG DecryptApplicationService.java actionViewDecyptFile path traversal)
vuldb.com/?ctiid.281809 (VDB-281809 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.426087 (Submit #426087 | ESAFENET CDG V5 Exposure of Sensitive Information Through Data Queries)
flowus.cn/...b03c61a-76a5-4f45-9ee7-a88e0f21d539?code=G8A6P3
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.