CVE-2024-2648

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-643
View all →

Vulnerability Description

A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of the argument username leads to improper neutralization of data within xpath expressions. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257286 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2024-2645

MEDIUM
CVSS:5.3(Medium)

A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation ...

CWE-6432024

CVE-2022-43840

MEDIUM
CVSS:4.3(Medium)

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the stru...

CWE-6432022

CVE-2023-24922

MEDIUM
CVSS:6.5(Medium)

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

CWE-6432023

CVE-2023-36429

MEDIUM
CVSS:6.5(Medium)

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

CWE-6432023

CVE-2023-36433

MEDIUM
CVSS:6.5(Medium)

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

CWE-6432023

CVE-2024-8955

MEDIUM
CVSS:6.8(Medium)

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the ...

CWE-6432024