Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities found for mashzone_nextgen by softwareag
CVE-2021-33207 (GCVE-0-2021-33207)
Vulnerability from cvelistv5 – Published: 2022-04-05 02:01 – Updated: 2024-08-03 23:42
VLAI
EPSS
VEX
Summary
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.softwareag.com/corporate/products/az/… | x_refsource_MISC |
| https://github.com/blackarrowsec/advisories/tree/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33207"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T02:01:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33207"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default",
"refsource": "MISC",
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"name": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33207",
"refsource": "MISC",
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33207"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33207",
"datePublished": "2022-04-05T02:01:54.000Z",
"dateReserved": "2021-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:42:20.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33523 (GCVE-0-2021-33523)
Vulnerability from cvelistv5 – Published: 2022-03-30 22:06 – Updated: 2024-08-03 23:50
VLAI
EPSS
VEX
Summary
MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.softwareag.com/corporate/products/az/… | x_refsource_MISC |
| https://github.com/blackarrowsec/advisories/tree/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33523"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T22:06:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33523"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default",
"refsource": "MISC",
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"name": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33523",
"refsource": "MISC",
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33523"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33523",
"datePublished": "2022-03-30T22:06:40.000Z",
"dateReserved": "2021-05-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:50:43.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33208 (GCVE-0-2021-33208)
Vulnerability from cvelistv5 – Published: 2022-03-30 21:52 – Updated: 2024-08-03 23:42
VLAI
EPSS
VEX
Summary
The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.softwareag.com/corporate/products/az/… | x_refsource_MISC |
| https://github.com/blackarrowsec/advisories/tree/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33208"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The \"Register an Ehcache Configuration File\" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T21:52:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33208"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"Register an Ehcache Configuration File\" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default",
"refsource": "MISC",
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"name": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33208",
"refsource": "MISC",
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33208"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33208",
"datePublished": "2022-03-30T21:52:08.000Z",
"dateReserved": "2021-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:42:20.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33581 (GCVE-0-2021-33581)
Vulnerability from cvelistv5 – Published: 2022-03-30 21:47 – Updated: 2024-08-03 23:50
VLAI
EPSS
VEX
Summary
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.softwareag.com/corporate/products/az/… | x_refsource_MISC |
| https://github.com/blackarrowsec/advisories/tree/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T21:47:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default",
"refsource": "MISC",
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"name": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33581",
"refsource": "MISC",
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33581",
"datePublished": "2022-03-30T21:47:48.000Z",
"dateReserved": "2021-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:50:43.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33207 (GCVE-0-2021-33207)
Vulnerability from nvd – Published: 2022-04-05 02:01 – Updated: 2024-08-03 23:42
VLAI
EPSS
VEX
Summary
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.softwareag.com/corporate/products/az/… | x_refsource_MISC |
| https://github.com/blackarrowsec/advisories/tree/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33207"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T02:01:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33207"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default",
"refsource": "MISC",
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"name": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33207",
"refsource": "MISC",
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33207"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33207",
"datePublished": "2022-04-05T02:01:54.000Z",
"dateReserved": "2021-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:42:20.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33523 (GCVE-0-2021-33523)
Vulnerability from nvd – Published: 2022-03-30 22:06 – Updated: 2024-08-03 23:50
VLAI
EPSS
VEX
Summary
MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.softwareag.com/corporate/products/az/… | x_refsource_MISC |
| https://github.com/blackarrowsec/advisories/tree/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33523"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T22:06:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33523"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default",
"refsource": "MISC",
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"name": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33523",
"refsource": "MISC",
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33523"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33523",
"datePublished": "2022-03-30T22:06:40.000Z",
"dateReserved": "2021-05-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:50:43.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33208 (GCVE-0-2021-33208)
Vulnerability from nvd – Published: 2022-03-30 21:52 – Updated: 2024-08-03 23:42
VLAI
EPSS
VEX
Summary
The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.softwareag.com/corporate/products/az/… | x_refsource_MISC |
| https://github.com/blackarrowsec/advisories/tree/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33208"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The \"Register an Ehcache Configuration File\" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T21:52:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33208"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"Register an Ehcache Configuration File\" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default",
"refsource": "MISC",
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"name": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33208",
"refsource": "MISC",
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33208"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33208",
"datePublished": "2022-03-30T21:52:08.000Z",
"dateReserved": "2021-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:42:20.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33581 (GCVE-0-2021-33581)
Vulnerability from nvd – Published: 2022-03-30 21:47 – Updated: 2024-08-03 23:50
VLAI
EPSS
VEX
Summary
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.softwareag.com/corporate/products/az/… | x_refsource_MISC |
| https://github.com/blackarrowsec/advisories/tree/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T21:47:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default",
"refsource": "MISC",
"url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
},
{
"name": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33581",
"refsource": "MISC",
"url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33581",
"datePublished": "2022-03-30T21:47:48.000Z",
"dateReserved": "2021-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:50:43.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}