6 matches found
CVE-2021-4461
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...
CVE-2021-4461
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...
CVE-2021-4461 Seeyon Zhiyuan OA Web Application System < 7.0 SP1 Authentication Bypass
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...
CVE-2021-4461
CVE-2021-4461 affects Seeyon Zhiyuan OA Web Application System
VulnCheck KEV: CVE-2021-4461
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...
PT-2025-44459
Name of the Vulnerable Software and Affected Versions Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 Description The software does not properly decode and parse the enc parameter in the thirdpartyController.do endpoint. The decoded map values can influence session...