First published: Fri Mar 08 2019
ESAFENET CDG V3 and V5 have an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Esafenet Electronic Document Security Management System | =v3 | |
Esafenet Electronic Document Security Management System | =v5 | |
CVE-2019-9632 is rated as a medium severity vulnerability due to its potential for arbitrary file download.
To mitigate CVE-2019-9632, users should apply available patches from Esafenet for the affected versions V3 and V5.
CVE-2019-9632 affects Esafenet Electronic Document Security Management System versions V3 and V5.
CVE-2019-9632 is an arbitrary file download vulnerability resulting from improper handling of the InstallationPack parameter.
CVE-2019-9632 can potentially lead to data leakage by allowing unauthorized file downloads.