Softwareag Mashzone Nextgen — known CVE vulnerabilities
Every CVE whose affected-product data names Softwareag Mashzone Nextgen, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2021-33207 — CVSS 9.8 (critical): The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.
CVE-2021-33208 — CVSS 7.2 (high): The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML…
CVE-2021-33523 — CVSS 7.2 (high): MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can…
CVE-2021-33581 — CVSS 7.2 (high): MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the…