CVE-2024-10278: ESAFENET CDG ReUserOrganiseService.java sql injection
First published: Wed Oct 23 2024(Updated: )
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects an unknown part of the file /com/esafenet/servlet/user/ReUserOrganiseService.java. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gemalto SafeNet CDG | =5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-10278?
The severity of CVE-2024-10278 is classified as critical.
How does CVE-2024-10278 affect ESAFENET CDG 5?
CVE-2024-10278 affects ESAFENET CDG 5 by allowing SQL injection through the manipulation of the userId argument.
Can CVE-2024-10278 be exploited remotely?
Yes, CVE-2024-10278 can be exploited remotely.
What part of the software is vulnerable in CVE-2024-10278?
CVE-2024-10278 affects the file /com/esafenet/servlet/user/ReUserOrganiseService.java.
How do I fix CVE-2024-10278?
To fix CVE-2024-10278, users should implement input validation to prevent SQL injection in the affected service.
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/esafenet
- canonical/gemalto safenet cdg
- version/gemalto safenet cdg/5