Esafenet: Security Vulnerabilities
SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page.
CVSS Score
9.1
EPSS Score
0.001
Published
2024-09-05
CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-09-30
ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.
CVSS Score
7.5
EPSS Score
0.591
Published
2019-03-08
Page 6