CVE-2024-10379 | ESAFENET CDG 5 DecryptApplicationService.java actionViewDecyptFile decryptFileId path traversal

CVE-2024-10379 | ESAFENET CDG 5 DecryptApplicationService.java actionViewDecyptFile decryptFileId path traversal

A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input ../../../Windows/System32/drivers/etc/hosts leads to path traversal: '../filedir'. This vulnerability is known as CVE-2024-10379. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The affected function has a typo and is missing an R.