CVE-2024-2645

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-643
View all →

Vulnerability Description

A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation of the argument UserId leads to improper neutralization of data within xpath expressions. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257283. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2024-2648

MEDIUM
CVSS:5.3(Medium)

A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of...

CWE-6432024

CVE-2022-43840

MEDIUM
CVSS:4.3(Medium)

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the stru...

CWE-6432022

CVE-2023-24922

MEDIUM
CVSS:6.5(Medium)

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

CWE-6432023

CVE-2023-36429

MEDIUM
CVSS:6.5(Medium)

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

CWE-6432023

CVE-2023-36433

MEDIUM
CVSS:6.5(Medium)

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

CWE-6432023

CVE-2024-8955

MEDIUM
CVSS:6.8(Medium)

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the ...

CWE-6432024