2 vulnerabilities by Lleidanet PKI
CVE-2025-4762 (GCVE-0-2025-4762)
Vulnerability from cvelistv5 – Published: 2025-05-15 11:49 – Updated: 2025-05-15 13:28
Summary
Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allows an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.
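Severity: 2.0 (LOW), CVSS 4.0 vector CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N, as published by the CNA in the record below. The vector's PR:L (low privileges required) and UI:A (active user interaction) do not match the summary's "unauthenticated attacker", so confirm against the referenced advisory before relying on this score for prioritisation.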
CWE
- CWE-20 - Improper Input Validation
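Assigner: Edgewatch
References: https://edgewatch.com/vulnerability-advisories/path-traversal-and-idor-vulnerabilities-in-esignaviewer-allow-unauthorized-file-access/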
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Lleidanet PKI | eSigna | Default status: affected. Unaffected: 1.3.2, 1.4.4, 4.0.4, 4.1.4, 5.0.2, 5.1.2, 5.2.4, 5.3.3, 5.4.1 |
Credits
Pablo Alcarria Lozano
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T13:26:47.028851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T13:28:18.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "eSignaViewer",
"product": "eSigna",
"vendor": "Lleidanet PKI",
"versions": [
{
"status": "unaffected",
"version": "1.3.2"
},
{
"status": "unaffected",
"version": "1.4.4"
},
{
"status": "unaffected",
"version": "4.0.4"
},
{
"status": "unaffected",
"version": "4.1.4"
},
{
"status": "unaffected",
"version": "5.0.2"
},
{
"status": "unaffected",
"version": "5.1.2"
},
{
"status": "unaffected",
"version": "5.2.4"
},
{
"status": "unaffected",
"version": "5.3.3"
},
{
"status": "unaffected",
"version": "5.4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pablo Alcarria Lozano"
}
],
"datePublic": "2024-12-03T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers."
}
],
"value": "Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122: Insecure Direct Object Reference"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T11:50:05.461Z",
"orgId": "8ca67973-55d1-4246-bb7c-ce7e65ad8782",
"shortName": "Edgewatch"
},
"references": [
{
"url": "https://edgewatch.com/vulnerability-advisories/path-traversal-and-idor-vulnerabilities-in-esignaviewer-allow-unauthorized-file-access/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users should immediately upgrade to the corresponding fixed version to eliminate these vulnerabilities and protect sensitive data from unauthorized access."
}
],
"value": "Users should immediately upgrade to the corresponding fixed version to eliminate these vulnerabilities and protect sensitive data from unauthorized access."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Direct Object Reference (IDOR) vulnerability in eSignaViewer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ca67973-55d1-4246-bb7c-ce7e65ad8782",
"assignerShortName": "Edgewatch",
"cveId": "CVE-2025-4762",
"datePublished": "2025-05-15T11:49:59.054Z",
"dateReserved": "2025-05-15T11:45:21.855Z",
"dateUpdated": "2025-05-15T13:28:18.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12014 (GCVE-0-2024-12014)
Vulnerability from cvelistv5 – Published: 2024-12-20 12:58 – Updated: 2025-05-20 14:36
Summary
Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allows an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.
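Severity: 2.0 (LOW), CVSS 4.0 vector CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N, as published by the CNA in the record below. The vector's PR:L (low privileges required) and UI:A (active user interaction) do not match the summary's "unauthenticated attacker", so confirm against the referenced advisory before relying on this score for prioritisation.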
CWE
- CWE-20 - Improper Input Validation
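Assigner: INCIBE
References: https://edgewatch.com/vulnerability-advisories/path-traversal-and-idor-vulnerabilities-in-esignaviewer-allow-unauthorized-file-access/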
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Lleidanet PKI | eSigna | Default status: affected. Unaffected: 1.3.2, 1.4.4, 4.0.4, 4.1.4, 5.0.2, 5.1.2, 5.2.4, 5.3.3, 5.4.1 |
Credits
Pablo Alcarria Lozano
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T15:44:42.771779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:36:56.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "eSignaViewer",
"product": "eSigna",
"vendor": "Lleidanet PKI",
"versions": [
{
"status": "unaffected",
"version": "1.3.2"
},
{
"status": "unaffected",
"version": "1.4.4"
},
{
"status": "unaffected",
"version": "4.0.4"
},
{
"status": "unaffected",
"version": "4.1.4"
},
{
"status": "unaffected",
"version": "5.0.2"
},
{
"status": "unaffected",
"version": "5.1.2"
},
{
"status": "unaffected",
"version": "5.2.4"
},
{
"status": "unaffected",
"version": "5.3.3"
},
{
"status": "unaffected",
"version": "5.4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pablo Alcarria Lozano"
}
],
"datePublic": "2024-12-03T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers."
}
],
"value": "Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122: Insecure Direct Object Reference"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T11:42:33.751Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://edgewatch.com/vulnerability-advisories/path-traversal-and-idor-vulnerabilities-in-esignaviewer-allow-unauthorized-file-access/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users should immediately upgrade to the corresponding fixed version to eliminate these vulnerabilities and protect sensitive data from unauthorized access."
}
],
"value": "Users should immediately upgrade to the corresponding fixed version to eliminate these vulnerabilities and protect sensitive data from unauthorized access."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Path Traversal vulnerability in eSignaViewer Allow Unauthorized File Access",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-12014",
"datePublished": "2024-12-20T12:58:02.961Z",
"dateReserved": "2024-12-02T10:39:36.887Z",
"dateUpdated": "2025-05-20T14:36:56.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}