3 matches found
CVE-2021-45025
CVE-2021-45025 affects ASG-Zena Cross Platform Server Enterprise Edition 4.2.1, where sensitive information is stored in cookies in cleartext, enabling information disclosure. Impact and fix details are supported by multiple sources (NVD/CNVD/CVE pages) and connected advisories. Remediation per s...
CVE-2021-45026
The CVE-2021-45026 entry concerns ASG-Zena Cross Platform Server Enterprise Edition 4.2.1, where multiple sources describe a Cross Site Scripting (XSS) vulnerability in the Web UI (ClientManager/Webconfig) arising from insufficient input filtering/escaping. Public records identify this as a store...
CVE-2021-45024
CVE-2021-45024 affects ASG-Zena Cross Platform Server Enterprise Edition 4.2.1. The connected documents describe an XML External Entity (XXE) vulnerability in the XML import handling that can lead to SSRF and data exfiltration via the server (endpoints such as oc_main/zenaweb/scheduler/operation)...