CVE-2024-10134: ESAFENET CDG MultiServerAjax.java connectLogout sql injection
First published: Sat Oct 19 2024(Updated: )
A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is the function connectLogout of the file /com/esafenet/servlet/ajax/MultiServerAjax.java. The manipulation of the argument servername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gemalto SafeNet CDG | =5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-10134?
CVE-2024-10134 is classified as critical due to its potential for SQL injection vulnerabilities.
How do I fix CVE-2024-10134?
To mitigate CVE-2024-10134, ensure that user inputs are properly sanitized and validated before processing.
Which software is affected by CVE-2024-10134?
CVE-2024-10134 affects ESAFENET CDG version 5.
What type of vulnerability is CVE-2024-10134?
CVE-2024-10134 is categorized as an SQL injection vulnerability.
Can CVE-2024-10134 be exploited remotely?
Yes, CVE-2024-10134 can be exploited remotely through the affected function in the application.
- agent/title
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/esafenet
- canonical/gemalto safenet cdg
- version/gemalto safenet cdg/5