3 matches found
Xxe
ASG technologies A Rocket Software Company ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity XXE...
CVE-2021-45025
CVE-2021-45025 affects ASG-Zena Cross Platform Server Enterprise Edition 4.2.1, where sensitive information is stored in cookies in cleartext, enabling information disclosure. Impact and fix details are supported by multiple sources (NVD/CNVD/CVE pages) and connected advisories. Remediation per s...
CVE-2021-45024
CVE-2021-45024 affects ASG-Zena Cross Platform Server Enterprise Edition 4.2.1. The connected documents describe an XML External Entity (XXE) vulnerability in the XML import handling that can lead to SSRF and data exfiltration via the server (endpoints such as oc_main/zenaweb/scheduler/operation)...