CVE-2024-12014 LOW

CVE-2024-12014: Path Traversal vulnerability in eSignaViewer Allow Unauthorized File Access

Weakness CWE-20 · Input validation
Published December 20, 2024
Last update May 20, 2025

CVSS base score

2.0/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

What the vulnerability does

01Description

Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.

Key dates

02Disclosure timeline

December 20, 2024 CVE published
May 20, 2025 Record updated