CVE-2024-5590

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Jun 3, 2024
CWE ID 89

Summary

CVE-2024-5590 is a newly disclosed critical vulnerability affecting the Netentsec NS-ASG Application Security Gateway version 6.3. The issue lies within the JSON Content Handler component and the file /protocol/iscuser/uploadiscuser.php. An attacker can manipulate the argument messagecontent to execute SQL injection attacks remotely. Though the vendor was notified about the disclosure, they have yet to respond. The identifier for this vulnerability is VDB-266848, and public exploits are now available.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share