亿赛通-数据泄露防护(DLP)44个接口存在远程命令执行漏洞

北京赛克艾威科技有限公司 2024-02-19

  • 漏洞编号:暂无
  • 漏洞类型:命令执行
  • 漏洞等级:高危
  • 发布时间:2024-02-19

漏洞描述

近日,赛克艾威网络安全实验室监测到亿赛通-数据泄露防护(DLP)存在远程命令执行漏洞情报,包括44个接口存在远程命令执行漏洞。

测绘指纹

fofa:
body="CDGServer3" || title="电子文档安全管理系统" || cert="esafenet" || body="/help/getEditionInfo.jsp"||body="/CDGServer3/index.jsp"

影响版本及接口

https://127.0.0.1/CDGServer3/FileCountService?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/ExamCDGDocService1?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/EmailAuditService?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/docRenewApp?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/DecryptionApp?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/DecryptApplicationService1?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/DecryPermissApp?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/CreateDocService1?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/clientMessage?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/ClientLoginWeb?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/CheckClientServelt?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/CDGRenewApplication?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/CDGAuthoriseTempletService1?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/AutoSignService1?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/MailMessageLogServices?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/SystemService?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/MailApp?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/GetValidateServerService?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/GetValidateAuthCodeService?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/GetUserSafetyPolicyService?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/GetUsecPolicyService?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/formType?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/OutgoingRestoreApp?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/OfflineApplicationService2?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/OfflineApplicationService1?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/offlineApp?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/ODMSubmitApplyService?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/UninstallApplicationService1?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/SecureUsbConnection?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/outgoingServlet?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/permissionApp?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/PrintAuditService?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/PrintLimitApp?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/SetEstAlertLogService?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/UpdateClientStatus?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/UpdatePasswordService?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/UpgradeService1?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/UpgradeService2?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/UploadFileListServiceForClient?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/UserLoginOutService1?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/FileLog2Service?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/TerminalLogService?command=GETSYSTEMINFO

https://127.0.0.1/CDGServer3/GetValidateLoginUserService?command=GETSYSTEMINFO

修复建议

厂商已提供漏洞修补方案,请关注厂商主页及时更新:
http://www.esafenet.com/