VYPR
Medium severity6.3NVD Advisory· Published Oct 25, 2024· Updated Jun 17, 2026

CVE-2024-10377

CVE-2024-10377

Description

A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. This issue affects the function actionPassDecryptApplication1 of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This is a different issue than CVE-2024-10069. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

2
  • Esafenet/CDGllm-fuzzy2 versions
    5+ 1 more
    • (no CPE)range: 5
    • (no CPE)range: 5

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.