
CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 1

A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy. • https://labs.nettitude.com/blog/cve-2022-25026-cve-2022-25027-vulnerabilities-in-rocket-trufusion-enterprise • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1. • https://docs.rocketsoftware.com/bundle/TRUfusionEnterprise_ReleaseNotes_V7.9.6.1/resource/TRUfusionEnterprise_ReleaseNotes_V7.9.6.1.pdf https://www.synacktiv.com/sites/default/files/2022-11/trufusion_enterprise_unauthenticated_arbitrary_file_write.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

ASG Technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS). • https://github.com/JetP1ane/Zena-CVE-2021-45026 http://asg-zena.com http://asg.com https://docs.rocketsoftware.com/bundle/ven1649700711249/page/ayk1652945111726.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

ASG Technologies (A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie. • http://asg-zena.com http://asg.com https://docs.rocketsoftware.com/bundle/ven1649700711249/page/ayk1652945111726.html • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

ASG Technologies (A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE). • http://asg-zena.com http://asg.com https://docs.rocketsoftware.com/bundle/ven1649700711249/page/ayk1652945111726.html • CWE-611: Improper Restriction of XML External Entity Reference