Mashzone Nextgen Security Vulnerabilities and Issues — Mashzone Nextgen CVE List

Lucene search

SoftwareagMashzone Nextgen

4 matches found

CVE•added 2022/03/30 11:15 p.m.•74 views

CVE-2021-33523

MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController.

7.2CVSS7.1AI score0.01284EPSS

CVE•added 2022/03/30 10:15 p.m.•71 views

CVE-2021-33581

MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService.

7.2CVSS6.9AI score0.00864EPSS

CVE•added 2022/03/30 10:15 p.m.•64 views

CVE-2021-33208

The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file.

7.2CVSS6.8AI score0.00941EPSS

CVE•added 2022/04/05 3:15 a.m.•62 views

CVE-2021-33207

The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.

9.8CVSS9.3AI score0.02785EPSS