CVE-2024-10500: ESAFENET CDG HookWhiteListService.java sql injection
First published: Wed Oct 30 2024(Updated: )
A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/policy/HookWhiteListService.java. The manipulation of the argument policyId leads to sql injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gemalto SafeNet CDG | =5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-10500?
CVE-2024-10500 is classified as a critical severity vulnerability.
What systems are affected by CVE-2024-10500?
CVE-2024-10500 affects ESAFENET CDG version 5.
How does CVE-2024-10500 exploit SQL injection?
CVE-2024-10500 allows manipulation of the argument policyId in the HookWhiteListService.java file, leading to SQL injection.
How do I fix CVE-2024-10500?
To fix CVE-2024-10500, ensure to sanitize and validate inputs to prevent SQL injection vulnerabilities.
What are the potential impacts of CVE-2024-10500?
The exploitation of CVE-2024-10500 could allow attackers to execute arbitrary SQL commands, potentially compromising the database.
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/esafenet
- canonical/gemalto safenet cdg
- version/gemalto safenet cdg/5