4 matches found
CVE-2021-33523
MashZone NextGen (up to 10.7 GA) contains a vulnerability where a remote authenticated user with admin-console access can upload a JDBC driver via com.idsscheer.ppmmashup.business.jdbc.DriverUploadController, allowing execution of arbitrary commands on the underlying host. The Red Hat and NVD ent...
CVE-2021-33581
MashZone NextGen up to 10.7 GA is affected by SSRF in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService, allowing an attacker to interact with arbitrary TCP services by abusing the availability-check feature for a PPM connection. Affected product is MashZone NextGen; the root cau...
CVE-2021-33208
CVE-2021-33208 – MashZone NextGen : Affected product is MashZone NextGen (through 10.7 GA; earlier versions implied by “through 10.7 GA”). The vulnerability is in the admin feature Register an Ehcache Configuration File , caused by an XML external entity (XXE) flaw in processing a malicious XML c...
CVE-2021-33207
CVE-2021-33207 affects Software AG MashZone NextGen up to version 10.7 GA. The vulnerability arises in the HTTP client, which deserializes untrusted data when processing an HTTP response with status code 570. Connected sources confirm the affected product and the root cause (deserialization of un...