CVE-2024-12014

Summary

Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.

Affected Software

VendorProductVersion RangeStatus
Lleidanet PKIeSigna1.3.2unaffected
Lleidanet PKIeSigna1.4.4unaffected
Lleidanet PKIeSigna4.0.4unaffected
Lleidanet PKIeSigna4.1.4unaffected
Lleidanet PKIeSigna5.0.2unaffected
Lleidanet PKIeSigna5.1.2unaffected
Lleidanet PKIeSigna5.2.4unaffected
Lleidanet PKIeSigna5.3.3unaffected
Lleidanet PKIeSigna5.4.1unaffected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References