RULE(RULE ID:338282)

Rule General Information
Release Date: 2024-07-30
Rule Name: Esafenet DLP NetSecConfigAjax SQL Injection Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Esafenet DLP is a comprehensive data security product. An SQL injection vulnerability exists in Esafenet DLP because the NetSecConfigAjax interface fails to effectively check and filter the state parameter. Attackers can inject SQL statements through this vulnerability to perform unauthorized operations such as reading, modifying and forging database information.
Impact: An attacker who successfully exploits the vulnerability can inject arbitrary SQL commands to view or change the target's database.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to obtain and apply the software patch.