Genian ZTNA Security Advisories
Last Updated: 2025-10-01
Security Vulnerability
| Fixed Versions | Key | Components | Description | Affects Versions | CVSS Score |
|---|---|---|---|---|---|
| 6.0.9 | | WebUI | Improved so that the CWP does not redirect to an illegal path via the PAGEFW parameter | | 4.2 |
| 6.0.9 | | Center, Sensor | Secure coding inspection results vulnerability patch | | |
| 6.0.9 | | Center, Sensor | Improved the _filelist.html file to be generated differently for each Center | | 3.0 |
| 6.0.8 | | WebUI | Blind SQL injection vulnerability in the node search bar | | 5.3 |
| 6.0.8 | | Sensor | Modified Dnsmasq to not cache query results in order to prevent DNS cache attacks | | 3.7 |
| 6.0.8 | | Center, Sensor | Administrator approval system to enhance security when registering sensor policy servers | | 7.9 |
| 6.0.7 | | Database, WebUI | Issue where management roles are not applied to Policy > Cloud Security Group Policy | | 3.5 |
| 6.0.7 | | Center, Sensor | CSAP (SaaS) security certification audit source code vulnerability measures - C/C++ | | 7.5 |
| 6.0.7 | | WebUI | Possible XSS when "/" is appended after an HTML tag string | | 4.9 |
| 6.0.7 | | WebUI | Tomcat version upgrade (8.5.78 -> 9.0.65) | | 7.5 |
| 6.0.7 | | WebUI | CSAP (SaaS) security certification audit source code vulnerability measures | | 0.0 |
| 6.0.7 | | WebUI | [Universal OS Ubuntu] Management Console > Issue where the 'X-Frame-Options' header on the CWP Design Template list page is returned as ALLOWALL | | 6.5 |
| 6.0.7 | | macOS Agent | Upgrade to the latest versions of the macOS Agent, OpenVPN (2.5.7), and OpenSSL (1.1.1q) | | 5.3 |
| 6.0.6 | | WebUI | Issue where supported method information is disclosed through an unused HTTP method | | 5.3 |
| 6.0.6 | | Linux Agent | Upgrade of the Linux Agent, OpenVPN (2.5.7), and OpenSSL (1.1.1q) to the latest versions | | 5.3 |
| 6.0.5 | | Center, macOS Agent, Sensor, Windows Agent | Upgrade to the latest version of OpenSSL (OpenSSL 1.1.1q) | | 5.3 |
| 6.0.5 | | WebUI | Library upgrades based on vulnerability checks | | 9.8 |
| 6.0.4 | | WebUI | Web service vulnerability improved so that Apache WAS information is not exposed | 4.0.119, 5.0.16 | 2.5 |
| 6.0.4 | | WebUI | Library upgrade for a vulnerability discovered in a Java library used by the WebUI | | 9.8 |
| 6.0.4 | | Windows Agent | Windows Agent secure coding inspection results vulnerability patch | 5.0.0, 6.0.0 | |
| 6.0.39, 6.0.35 (LTS), 6.0.26 (LTS) | | WebUI | Tomcat version upgrade (9.0.108 -> 9.0.111) | 5.0.65 (LTS), 6.0.26 (LTS), 6.0.35 (LTS), 5.0.75 (LTS), 6.0.36, 5.0.76 | 2.2 |
| 6.0.39 | | WebUI | Library version update/removal work for libraries with critical vulnerabilities | | 0.0 |
| 6.0.37, 6.0.35 (LTS), 6.0.26 (LTS) | | WebUI | Improved so that files that can execute scripts are not uploaded | | 3.1 |
| 6.0.37, 6.0.35 (LTS), 6.0.26 (LTS) | | WebUI | Improved issue where node and user management policies could be modified and applied with limited rights through web browser control | | 3.1 |
| 6.0.32 | | WebUI | Vulnerability where internal network information can be queried through the CWP | 5.0.0, 6.0.0 | 4.3 |
| 6.0.3 | | Center, macOS Agent, Sensor, Windows Agent | Upgrade to the latest version of OpenSSL (OpenSSL 1.1.1o) | | 9.8 |
| 6.0.3 | | WebUI | Tomcat version upgrade (8.5.78) | | 8.6 |
| 6.0.3 | | Center | Apache HTTP Server 2.4.53 upgrade | | 9.8 |
| 6.0.28 | | WebUI | Vulnerability that allows a user's immutable information to be modified | 5.0.0, 6.0.0 | 2.2 |
| 6.0.27 | | | Changed REST API calls to be made only through the management console port (8443) | | |
| 6.0.22 | | WebUI | Fixed vulnerability where changes to an administrator's rights are not reflected immediately | | 3.3 |
| 6.0.21, 6.0.16 | | WebUI | Issue where blind injection is possible in the node management search bar | | 2.2 |
| 6.0.20, 6.0.16 | | WebUI | Service disabled by an unauthorized administrator executing a Tomcat restart command | 5.0.41 | 2.7 |
| 6.0.2 | | WebUI | Issue where XSS is possible in Audit > Logs > Log Search | | 4.3 |
| 6.0.2 | | WebUI | Issue where files can be accessed via relative paths on the debug log screen | | 3.83 |
| 6.0.2 | | Center, macOS Agent, Windows Agent | Upgrade to the latest version of OpenSSL (OpenSSL 1.1.1n) | 4.0.0, 5.0.0, 6.0.0 | 7.5 |
| 6.0.2 | | WebUI | Removed Logstash | | 5.9 |
| 6.0.18, 6.0.16 | | WebUI | Vulnerability where information can be modified by directly entering the URL of an unauthorized page | | 3.1 |
| 6.0.18, 6.0.16 | | WebUI | File export permission bypass vulnerability for unauthorized administrators through the Audit Log REST API | | 3.1 |
| 6.0.17, 6.0.16 | | WebUI | Tomcat version upgrade (8.5.94 -> 8.5.96 / 9.0.81 -> 9.0.83) | | 7.5 |
| 6.0.17, 6.0.16 | | WebUI | Tomcat version upgrade (8.5.94 / 9.0.81) | | 7.5 |
| 6.0.17, 6.0.16 | | WebUI | Improved two-step verification to limit the number of verification code attempts and the time allowed for entry | | 4.3 |
| 6.0.17 | | WebUI | Issue where login is not possible after an abnormal API call | 5.0.42, 5.0.49, 6.0.7, 4.0.156, 5.0.56 | 5.3 |
| 6.0.16 | | WebUI | Issue where a Passkey can be registered without permission using the Passkey re-registration function | | 3.9 |
| 6.0.16 | | WebUI | Vulnerability where an HTML tag output as a department name is executed in the tree | 5.0.0 | 1.2 |
| 6.0.16 | | Center | Command injection vulnerability via SQL used to update data | | 6.6 |
| 6.0.16 | | Sensor | nmap script tampering vulnerability during the sensor NMDB update | | 4.1 |
| 6.0.16 | | Sensor | Insufficient validation of incoming sensor events | | 6.3 |
| 6.0.16 | | Center | Parameter injection vulnerability due to insufficient verification of download URLs | | 6.6 |
| 6.0.16 | | WebUI | Vulnerability where HTML/script code can be injected | | 5.3 |
| 6.0.15 | | Center | Code improvements against buffer overflow | | 2.0 |
| 6.0.15 | | Linux Agent, macOS Agent, Windows Agent | [Agent] Added validation for events sent from the Center and Sensors | | 6.3 |
| 6.0.15 | | WebUI | Vulnerability that allows unprivileged administrators to download debug logs | | 2.9 |
| 6.0.15 | | WebUI | Vulnerability where an administrator's API key is exposed to other administrators | | 5.3 |
| 6.0.15 | | WebUI | Issue where redirection can be performed by tampering with the returnURL parameter used when moving between pages in the management console | | 1.9 |
| 6.0.14 | | Windows Agent | Vulnerability that allows an ordinary user to obtain PC administrator rights via the agent | 5.0.0, 6.0.0 | 4.6 |
| 6.0.14 | | WebUI | Vulnerability where an unauthorized administrator can view debug logs in real time | 5.0.0, 6.0.0 | 2.9 |
| 6.0.13 | | WebUI | Issue where Google OTP two-step verification can be passed by obtaining a new security key | | 6.5 |
| 6.0.12 | | Database | MySQL version upgrade (5.7.40 -> 5.7.41) | | |
| 6.0.12 | | WebUI | Tomcat version upgrade (9.0.68 -> 9.0.72, 8.5.78 -> 8.5.86) | | |
| 6.0.12 | | Center, macOS Agent, Sensor, Windows Agent | OpenSSL 1.1.1t upgrade - passing arbitrary pointers to memcmp calls can read memory contents or cause a denial of service | | 7.4 |
| 6.0.12 | | MySQL | MySQL version upgrade (5.7.33 -> 5.7.40) | | |
| 6.0.12 | | CWP | Issue where only the account (ID) is authenticated when CWP authentication uses the agent user authentication menu while the IP management message is turned on first | 6.0.3, 5.0.46 | 3.4 |
| 6.0.11 | | WebUI | CSP and HSTS headers added to WebUI response headers | | |
| 6.0.11 | | Windows Agent | Issue where the agent runs a web browser with high privileges | 4.0.0, 5.0.0, 6.0.0 | 3.3 |
| 6.0.11 | | WebUI | WebUI library vulnerability check | | |
| 6.0.11 | | IPMGMT | Issue where it is possible to log in with only a user ID via the front page of the IP application system | | 4.9 |
| 6.0.10 | | IPMGMT, WebUI | Possible XSS in IP Application System > IP Application screen | | 5.4 |
| 6.0.10 | | WebUI | Added a re-authentication step when accessing the user information modification page on the CWP screen | | 4.2 |
| 6.0.10 | | WebUI | Issue where XSS is possible in the Audit > Logs > Log search bar | | 5.6 |
| 6.0.1 | | GNOS | Apache upgrade to version 2.4.52 as a vulnerability countermeasure | | 9.8 |
| 6.0.1 | | WebUI | log4j vulnerability improvements | | 9.8 |
| 6.0.1 | | Center | Strengthened authentication of agent-related APIs that had weak authentication | | 4.6 |
| 6.0.1 | | WebUI | [SaaS] SaaS security certification source code inspection result measures | | 9.1 |
| 6.0.1 | | gnlogin, WebUI | Password handling so that specific words cannot be used | | 8.7 |
| 6.0.0 | | GNOS | Removed the reverse shell feature from the netcat (nc) command included with the product | | |
| 6.0.0 | | Center | Restrictions on SOAP/REST calls that can be made via HTTP | | 2.5 |
| 6.0.0 | | macOS Agent, Windows Agent | Abnormal termination issue due to packet manipulation of UDP events sent to the agent | | 3.4 |
| 6.0.0 | | macOS Agent, Windows Agent | Fixed an XSS vulnerability when the agent displays instant messages | | 6.8 |
| 6.0.0 | | Center, Sensor | Issue where the daemon may terminate abnormally when processing UDP event packets | 5.0.36 | 6.4 |
| 6.0.0 | | WebUI | Administrator login bypass vulnerability using mobile apps | | 6.1 |
| 6.0.0 | | WebUI | REST API command injection | | 6.7 |
| 6.0.0 | | WebUI | XSS vulnerability via an Excel file when applying as a CWP user | | 6.8 |
| 6.0.0 | | WebUI | Internal file download vulnerability via a relative path on the Agent Download page | 5.0.37 | 5.2 |
| 6.0.0 | | WebUI | Issue where the REST API can be called even without a valid authentication basis | | 4.9 |
| 6.0.0 | | Center | Improvements against Denial of Service (DoS) vulnerabilities through APIs | | 6.4 |
| 6.0.0 | | Center | Strengthened authentication of sensor-related APIs that had weak authentication | | 4.6 |
| 6.0.0 | | Center | Internally used SOAP API vulnerability exposed externally via RPC | | |
| 6.0.0 | | WebUI | (KVE-2021-1062) Enhanced name validity check for the file upload component in Conf Engine | | 6.7 |
| 6.0.0 | | WebUI | (KVE-2021-1062) SSTI vulnerability in CWP Design Template | | |
| 6.0.0 | | Windows Agent | (KVE-2021-1062) Vulnerability where relative paths can be used when generating agent files | | 6.1 |
| 6.0.0 | | Center | (KVE-2021-1061) Vulnerability where passwords can be changed on a node without being an authenticated user | | 8.7 |
| 6.0.0 | | Center, Sensor | (KVE-2021-1061) Vulnerability where information from all nodes can be obtained without sensor information | | |
| 6.0.0 | | macOS Agent, Windows Agent | Agent OpenSSL 1.1.1l update | | 9.8 |
| 6.0.0 | | GNOS | Upgraded to OpenSSL version 1.1.1l | 4.0.146, 5.0.44, 6.0.1 | 9.8 |
| 6.0.0 | | Center | Fixes to defend against command injection attacks | | 8.0 |
| 6.0.0 | | Center | Improved so that unusable plug-ins are not delivered to agents | | 7.6 |
| 6.0.0 | | Center | Improved SQL injection defense processing method | | 8.7 |
| 6.0.0 | | GNOS | Removed the vulnerable LD_LIBRARY_PATH environment variable within GNOS | | |
| 6.0.0 | | WebUI | [SaaS] SaaS security certification WAS (Tomcat) vulnerability improvements | | 7.5 |
| 6.0.0 | | GNOS | Upgraded OpenSSH to version 8.6p1 | | |
| 6.0.0 | | WebUI | [CC] Web vulnerability check results security | | 6.5 |
| 6.0.0 | | GenianOS | Apache httpd (2.4.48) / Tomcat (8.5.63) upgrade | | 7.5 |
| 6.0.0 | | ElasticSearch | [CC] Elasticsearch upgraded to version 5.6.16 | | 8.8 |