CVE-2024-12014: Path Traversal and IDOR Vulnerabilities in eSignaViewer Allow Unauthorized File Access

2.0 CVSS

Description

Path Traversal and Insecure Direct Object Reference (IDOR) vulnerabilities in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.

Classification

CVE ID: CVE-2024-12014

CVSS Base Severity: LOW

CVSS Base Score: 2.0

Affected Products

Vendor: Lleidanet PKI

Product: eSigna

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://edgewatch.com/vulnerability-advisories/path-traversal-and-idor-vulnerabilities-in-esignaviewer-allow-unauthorized-file-access/

Timeline

2024-12-21 00:30:25 UTC
CVE

Path Traversal and IDOR Vulnerabilities in eSignaViewer Allow Unauthorized File Access