CVE-2024-9536

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Oct 5, 2024

Updated: Oct 7, 2024

CWE ID 89

Summary

CVE-2024-9536 is a critical vulnerability identified in ESAFENET CDG V5, specifically affecting an unknown functionality of the file located at /MultiServerBackService?path=1. The flaw arises from improper handling of the argument fileId, leading to a potential SQL injection attack that can be executed remotely. The vendor has not responded to disclosure attempts, raising concerns about the vulnerability's exploitation. Organizations are advised to implement security measures such as input validation and updates to mitigate this risk. The vulnerability has been assigned a CVSS score of 6.3, indicating a medium severity level with low privileges required for exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database