CVE-2024-9536

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)

Published: Oct 5, 2024 / Updated: 45d ago

010
CVSS 5.3EPSS 0.05%Medium
CVE info copied to clipboard

A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /MultiServerBackService?path=1. The manipulation of the argument fileId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment

NVD published the first details for CVE-2024-9536

Oct 5, 2024 at 4:15 PM
First Article

Feedly found the first article mentioning CVE-2024-9536. See article

Oct 5, 2024 at 4:21 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 5, 2024 at 4:21 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 16.3%)

Oct 6, 2024 at 11:57 AM
Static CVE Timeline Graph

Affected Systems

Esafenet/cdg
+null more

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection
+null more

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:Low
Integrity:Low
Availability Impact:Low

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI