CVE-2024-9560

Summary

CVE-2024-9560 is a critical SQL injection vulnerability found in ESAFENET CDG V5, specifically in the delCatelogs function located at /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. This vulnerability allows remote attackers to manipulate the 'id' argument, potentially leading to unauthorized data access or manipulation. Affected products include zF8ara, and the nature of this exploit requires low privileges with no user interaction necessary. To remediate this issue, organizations should apply appropriate security patches provided by the vendor and implement input validation measures to prevent SQL injection attacks. The potential impact includes partial confidentiality and integrity loss, necessitating immediate attention from affected organizations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.