Esafenet Esafenet

  1. Vendors
  2. Esafenet

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Esafenet product.

RSS Feeds for Esafenet security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Esafenet products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Esafenet Sorted by Most Security Vulnerabilities since 2018

Esafenet Cdg51 vulnerabilities

Esafenet Dsm1 vulnerability

Esafenet Electronic Document Security Management System1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Esafenet. Last year, in 2025 Esafenet had 20 security vulnerabilities published. Right now, Esafenet is on track to have less security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 20 8.52
2024 32 9.13
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 1 0.00

It may take a day or so for new Esafenet vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Esafenet Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-3401 Apr 08, 2025
SQLi via noticeId in ESAFENET CDG 5.6.3.154_20250114 /parameter/getLimitIPList.jsp A vulnerability has been found in ESAFENET CDG 5.6.3.154.205_20250114 and classified as critical. This vulnerability affects unknown code of the file /parameter/getLimitIPList.jsp. The manipulation of the argument noticeId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Cdg
CVE-2025-3399 Apr 08, 2025
ESAFENET CDG 5.6.3 SQLi via /pubinfo/updateNotice.jsp ID A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5.6.3.154.205_20250114. Affected by this issue is some unknown functionality of the file /pubinfo/updateNotice.jsp. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Cdg
CVE-2025-3400 Apr 08, 2025
CRITICAL SQLi in ESAFENET CDG 5.6.3 via UnChkMailApp.jsp 'typename' A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. This affects an unknown part of the file /client/UnChkMailApplication.jsp. The manipulation of the argument typename leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Cdg
CVE-2025-2927 Mar 28, 2025
ESAFENET CDG 5.6.3.154.205 - /parameter/getFileTypeList.jsp Remote SQLi A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been classified as critical. Affected is an unknown function of the file /parameter/getFileTypeList.jsp. The manipulation of the argument typename leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Cdg
CVE-2025-1845 Mar 03, 2025
ESAFENET DSM 3.1.2 CMDI via examExportPDF (s arg) A vulnerability has been found in ESAFENET DSM 3.1.2 and classified as critical. Affected by this vulnerability is the function examExportPDF of the file /admin/plan/examExportPDF. The manipulation of the argument s leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Dsm
CVE-2025-1844 Mar 03, 2025
ESAFENET CDG 5.6.3 SQLi via backupLogDetail.jsp logTaskId A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. Affected is an unknown function of the file /CDGServer3/logManagement/backupLogDetail.jsp. The manipulation of the argument logTaskId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Cdg
CVE-2025-1840 Mar 03, 2025
ESAFENET CDG 5.6.3.154.205 – SQLi via updateorg.jsp (flowId) A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been rated as critical. Affected by this issue is some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Cdg
CVE-2025-1841 Mar 03, 2025
ESAFENET CDG 5.6.3.154.205 SQLi in ClientSortLog.jsp (remote) A vulnerability classified as critical has been found in ESAFENET CDG 5.6.3.154.205. This affects an unknown part of the file /CDGServer3/logManagement/ClientSortLog.jsp. The manipulation of the argument startDate/endDate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Cdg
CVE-2025-1158 Feb 10, 2025
ESAFENET CDG 5.6.3.154_20250114: addPolicyToSafetyGroup.jsp SQLi via safetyGroupId A vulnerability was found in ESAFENET CDG 5.6.3.154.205_20250114. It has been classified as critical. Affected is an unknown function of the file addPolicyToSafetyGroup.jsp. The manipulation of the argument safetyGroupId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Cdg
CVE-2025-0795 Jan 29, 2025
ESAFENET CDG V5 XSS via flowId in /todolistjump.jsp A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation of the argument flowId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Cdg
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.