Arbitrary File Download Vulnerability in ESAFENET CDG V3 and V5
CVE-2019-9632 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.
Learn more about our Cis Benchmark Audit For Server Software.