Arbitrary File Download Vulnerability in ESAFENET CDG V3 and V5

Arbitrary File Download Vulnerability in ESAFENET CDG V3 and V5

CVE-2019-9632 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.

Learn more about our Cis Benchmark Audit For Server Software.