CVE-2024-12014
LOWeSigna 1.0-1.5 - Unauthenticated Path Traversal in eSignaViewer
Title source: llmDescription
Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.
References (1)
Core 1
Scores
CVSS v4
2.0
EPSS
0.0034
EPSS Percentile
25.8%
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (9)
Lleidanet PKI/eSigna
1.3.2
Lleidanet PKI/eSigna
1.4.4
Lleidanet PKI/eSigna
4.0.4
Lleidanet PKI/eSigna
4.1.4
Lleidanet PKI/eSigna
5.0.2
Lleidanet PKI/eSigna
5.1.2
Lleidanet PKI/eSigna
5.2.4
Lleidanet PKI/eSigna
5.3.3
Lleidanet PKI/eSigna
5.4.1
Published
Dec 20, 2024
Tracked Since
Feb 18, 2026