Published: 17/06/2022 Updated: 14/02/2024

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie.

Vulnerable Product	Search on Vulmon	Subscribe to Product
rocketsoftware ags-zena 4.2.1

Zena Housekeeping notes: The original CookieMonster Repo can be found here githubcom/JetP1ane/zena Rocket Software Patch Release notes docsrocketsoftwarecom/bundle/ven1649700711249/page/ayk1652945111726html CVE-2021-45026 Stored XSS CVE-2021-45025 Cleartext Storage of Sensitive Information in a Cookie Researchers: James Barnett and Jeffrey Green Zena CookieM

Zena - Stored XSS to RCE Exploit POC Exploit POC for Rocket Software's Zena application v 421 - Stored XSS to RCE CVE-2021-45025 CVE-2021-45026 phoenix-secio/2022/06/17/Zena-CookieMonsteRCEhtml Credits: James Barnett and Jeff Green POC Process: Logs into Zena's webconfig page using default credentials Drops Stored XSS payload Payload needs to be triggere

CWE-312 http://asg.com https://docs.rocketsoftware.com/bundle/ven1649700711249/page/ayk1652945111726.html http://asg-zena.com https://nvd.nist.gov https://github.com/cptsticky/xxe-zena

CVE-2021-45025

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect