Genian ZTNA Security Advisories
Last Updated: 2026-02-02
Security Vulnerability
| Fixed Versions | Components | Description | Affects Versions | CVSS Score |
|---|---|---|---|---|
| 6.0.9 | WebUI | Improved to prevent redirect to illegal path via PAGEFW parameter in CWP | | 4.2 |
| 6.0.9 | Center, Sensor | Vulnerability patch from secure coding inspection results | | |
| 6.0.9 | Center, Sensor | Improved to generate _filelist.html file differently per center | | 3.0 |
| 6.0.8 | WebUI | Blind SQL Injection vulnerability in node search bar | | 5.3 |
| 6.0.8 | Sensor | Modified Dnsmasq to not cache query results in order to defend against DNS Cache Poisoning attacks | | 3.7 |
| 6.0.8 | Center, Sensor | Administrator approval system for enhanced security during sensor policy server registration | | 7.9 |
| 6.0.7 | Database, WebUI | Management role not applied to Policy > Cloud Security Group policy | | 3.5 |
| 6.0.7 | Center, Sensor | CSAP(SaaS) security certification audit source code vulnerability fix - C/C++ | | 7.5 |
| 6.0.7 | WebUI | Fixed XSS vulnerability when appending / after HTML Tag string | | 4.9 |
| 6.0.7 | WebUI | Tomcat version upgrade (8.5.78 -> 9.0.65) | | 7.5 |
| 6.0.7 | WebUI | CSAP(SaaS) security certification audit source code vulnerability fix | | 0.0 |
| 6.0.7 | WebUI | [Generic OS Ubuntu] Fixed issue where 'X-Frame-Options' header displayed as allowall on Management Console > CWP Design Template list page | | 6.5 |
| 6.0.7 | macOS Agent | macOS Agent, upgraded to latest OpenVPN(2.5.7) and OpenSSL(1.1.1q) versions | | 5.3 |
| 6.0.6 | WebUI | Fixed issue where available method information was exposed via unused HTTP methods | | 5.3 |
| 6.0.6 | Linux Agent | Linux Agent, upgraded to latest OpenVPN(2.5.7) and OpenSSL(1.1.1q) versions | | 5.3 |
| 6.0.5 | Center, macOS Agent, Sensor, Windows Agent | Upgraded to latest OpenSSL version (OpenSSL 1.1.1q) | | 5.3 |
| 6.0.5 | WebUI | Library upgrade based on vulnerability inspection results | | 9.8 |
| 6.0.43, 6.0.35 (LTS), 6.0.26 (LTS) | WebUI | Fixed issue where CWP authenticated users could repeatedly attempt password re-authentication without limit when modifying user information | | 2.6 |
| 6.0.43 | Center | NET-SNMP version upgrade 5.9.1 -> 5.9.5 to resolve CVE vulnerability | | 3.4 |
| 6.0.43 | WebUI | Fixed issue where password was logged in catalina.out when debug logging was enabled in user authentication SOAP call logic in management console | 6.0.0, 5.0.45 | 1.9 |
| 6.0.4 | WebUI | Improved web service vulnerability to not expose Apache WAS information | 4.0.119, 5.0.16 | 2.5 |
| 6.0.4 | WebUI | Upgraded vulnerable Java libraries used in WebUI | | 9.8 |
| 6.0.4 | Windows Agent | Windows Agent secure coding inspection vulnerability patch | 5.0.0, 6.0.0 | |
| 6.0.39, 6.0.35 (LTS), 6.0.26 (LTS) | WebUI | Tomcat version upgrade (9.0.108 -> 9.0.111) | 5.0.65 (LTS), 6.0.26 (LTS), 6.0.35 (LTS), 5.0.75 (LTS), 6.0.36, 5.0.76 | 2.2 |
| 6.0.39 | WebUI | Library version upgrade/removal for critical vulnerabilities | | 0.0 |
| 6.0.37, 6.0.35 (LTS), 6.0.26 (LTS) | WebUI | Improved to prevent uploading of executable script files | | 3.1 |
| 6.0.37, 6.0.35 (LTS), 6.0.26 (LTS) | WebUI | Fixed issue where node and user management policies could be modified and applied with limited permissions via web browser control | | 3.1 |
| 6.0.32 | WebUI | Vulnerability allowing internal network information to be viewed via CWP | 5.0.0, 6.0.0 | 4.3 |
| 6.0.3 | Center, macOS Agent, Sensor, Windows Agent | Upgraded to latest OpenSSL version (OpenSSL 1.1.1o) | | 9.8 |
| 6.0.3 | WebUI | Tomcat version upgrade (8.5.78) | | 8.6 |
| 6.0.3 | Center | Apache HTTP Server 2.4.53 upgrade | | 9.8 |
| 6.0.28 | WebUI | Vulnerability allowing modification of user's non-editable information | 5.0.0, 6.0.0 | 2.2 |
| 6.0.27 | | Changed so REST API calls are only possible through management console port (8443) | | |
| 6.0.22 | WebUI | Fixed vulnerability where administrator permission changes were not immediately reflected | | 3.3 |
| 6.0.21, 6.0.16 | WebUI | Blind Injection vulnerability in node management search bar | | 2.2 |
| 6.0.20, 6.0.16 | WebUI | Service neutralization by Tomcat restart command execution via unauthorized administrator | 5.0.41 | 2.7 |
| 6.0.2 | WebUI | XSS vulnerability in Audit > Logs > Log Search | | 4.3 |
| 6.0.2 | WebUI | Relative path file access vulnerability in debug log screen | | 3.83 |
| 6.0.2 | Center, macOS Agent, Windows Agent | Upgraded to latest OpenSSL version (OpenSSL 1.1.1n) | 4.0.0, 5.0.0, 6.0.0 | 7.5 |
| 6.0.2 | WebUI | Logstash removal | | 5.9 |
| 6.0.18, 6.0.16 | WebUI | Vulnerability allowing information modification by directly entering URL of pages without access permission | | 3.1 |
| 6.0.18, 6.0.16 | WebUI | File export permission bypass vulnerability for unauthorized administrators via audit log REST API | | 3.1 |
| 6.0.17, 6.0.16 | WebUI | Tomcat version upgrade (8.5.94 -> 8.5.96 / 9.0.81 -> 9.0.83) | | 7.5 |
| 6.0.17, 6.0.16 | WebUI | Tomcat version upgrade (8.5.94 / 9.0.81) | | 7.5 |
| 6.0.17, 6.0.16 | WebUI | Improved 2-factor authentication to limit number of authentication code attempts and add time restriction | | 4.3 |
| 6.0.17 | WebUI | Fixed issue where login failed after abnormal API call | 5.0.42, 5.0.49, 6.0.7, 4.0.156, 5.0.56 | 5.3 |
| 6.0.16 | WebUI | Fixed issue where Passkey could be registered using the Passkey re-registration feature without authorization | | 3.9 |
| 6.0.16 | WebUI | Vulnerability where HTML tags rendered as department names were executed in tree | 5.0.0 | 1.2 |
| 6.0.16 | Center | Command Injection vulnerability via SQL used for data updates | | 6.6 |
| 6.0.16 | Sensor | nmap script tampering vulnerability during sensor NMDB update process | | 4.1 |
| 6.0.16 | Sensor | Insufficient validation of received events on sensor | | 6.3 |
| 6.0.16 | Center | Parameter Injection vulnerability due to insufficient download URL validation | | 6.6 |
| 6.0.16 | WebUI | HTML/script code injection vulnerability | | 5.3 |
| 6.0.15 | Center | Code improvement for buffer overflow | | 2.0 |
| 6.0.15 | Linux Agent, macOS Agent, Windows Agent | [Agent] Added validation for events transmitted from center and sensor | | 6.3 |
| 6.0.15 | WebUI | Vulnerability allowing unauthorized administrators to download debug logs | | 2.9 |
| 6.0.15 | WebUI | Vulnerability where administrator's API key was exposed to other administrators | | 5.3 |
| 6.0.15 | WebUI | Fixed issue where returnUrl parameter used for page navigation in management console could be tampered with to redirect to arbitrary URLs | | 1.9 |
| 6.0.14 | Windows Agent | Vulnerability allowing general users to obtain PC administrator privileges via agent | 5.0.0, 6.0.0 | 4.6 |
| 6.0.14 | WebUI | Vulnerability allowing unauthorized administrators to view debug logs in real time | 5.0.0, 6.0.0 | 2.9 |
| 6.0.13 | WebUI | Fixed issue where Google OTP 2-factor authentication could be bypassed by issuing a new security key | | 6.5 |
| 6.0.12 | Database | MySQL version upgrade 5.7.40 -> 5.7.41 | | |
| 6.0.12 | WebUI | Tomcat version upgrade (9.0.68 -> 9.0.72, 8.5.78 -> 8.5.86) | | |
| 6.0.12 | Center, macOS Agent, Sensor, Windows Agent | OpenSSL 1.1.1t upgrade - fixed vulnerability that could allow reading memory contents or causing denial of service by passing arbitrary pointer to memcmp call | | 7.4 |
| 6.0.12 | MySQL | MySQL version upgrade 5.7.33 -> 5.7.40 | | |
| 6.0.12 | CWP | Fixed issue where CWP authentication via agent user authentication menu authenticated with account (ID) only when IP management message priority was On | 6.0.3, 5.0.46 | 3.4 |
| 6.0.11 | WebUI | Added CSP and HSTS headers to WebUI Response Header | | |
| 6.0.11 | Windows Agent | Fixed issue where agent had High privilege when launching web browser | 4.0.0, 5.0.0, 6.0.0 | 3.3 |
| 6.0.11 | WebUI | WebUI library vulnerability inspection | | |
| 6.0.11 | IPMGMT | Fixed issue where login with user ID only was possible via frontpage in IP request system | | 4.9 |
| 6.0.10 | IPMGMT, WebUI | XSS vulnerability in IP request system > IP request screen | | 5.4 |
| 6.0.10 | WebUI | Added re-authentication procedure when accessing user information modification page in CWP | | 4.2 |
| 6.0.10 | WebUI | XSS vulnerability in Audit > Logs > Log search bar | | 5.6 |
| 6.0.1 | GNOS | Apache 2.4.52 version upgrade to address Apache vulnerability | | 9.8 |
| 6.0.1 | WebUI | log4j vulnerability fix | | 9.8 |
| 6.0.1 | Center | Supplemented agent-related APIs with insufficient authentication handling | | 4.6 |
| 6.0.1 | WebUI | [SaaS] SaaS security certification source code inspection remediation | | 9.1 |
| 6.0.1 | gnlogin, WebUI | Implemented restriction to prevent use of specific words in passwords | | 8.7 |
| 6.0.0 | GNOS | Removed reverse shell functionality from netcat(nc) command included in the product | | |
| 6.0.0 | Center | Restricted SOAP/REST callable via HTTP | | 2.5 |
| 6.0.0 | macOS Agent, Windows Agent | Fixed issue where agent abnormally terminated due to packet manipulation of UDP events | | 3.4 |
| 6.0.0 | macOS Agent, Windows Agent | Fixed XSS vulnerability existing when displaying instant messages in agent | | 6.8 |
| 6.0.0 | Center, Sensor | Fixed issue where daemon could abnormally terminate during UDP event packet processing | 5.0.36 | 6.4 |
| 6.0.0 | WebUI | Administrator login bypass vulnerability using mobile app | | 6.1 |
| 6.0.0 | WebUI | REST API Command Injection | | 6.7 |
| 6.0.0 | WebUI | XSS attack vulnerability when CWP user application is submitted as Excel file | | 6.8 |
| 6.0.0 | WebUI | Internal file download vulnerability via relative path on Agent Download page | 5.0.37 | 5.2 |
| 6.0.0 | WebUI | Fixed issue where REST API calls were possible without valid authentication token | | 4.9 |
| 6.0.0 | Center | Improved Denial of Service (DoS) attack vulnerability via API | | 6.4 |
| 6.0.0 | Center | Supplemented sensor-related APIs with insufficient authentication handling | | 4.6 |
| 6.0.0 | Center | Vulnerability where internally used SOAP API was exposed externally via RPC | | |
| 6.0.0 | WebUI | (KVE-2021-1062) Strengthened name validation for file upload component in Conf Engine | | 6.7 |
| 6.0.0 | WebUI | (KVE-2021-1062) SSTI vulnerability in CWP Design Template | | |
| 6.0.0 | Windows Agent | (KVE-2021-1062) Vulnerability allowing use of relative path when creating agent files | | 6.1 |
| 6.0.0 | Center | (KVE-2021-1061) Vulnerability allowing password change by non-authenticated users on a node | | 8.7 |
| 6.0.0 | Center, Sensor | (KVE-2021-1061) Vulnerability allowing retrieval of all node information without sensor information | | |
| 6.0.0 | macOS Agent, Windows Agent | Agent OpenSSL 1.1.1l update | | 9.8 |
| 6.0.0 | GNOS | Upgraded openssl to version 1.1.1l | 4.0.146, 5.0.44, 6.0.1 | 9.8 |
| 6.0.0 | Center | Fix to defend against Command injection attacks | | 8.0 |
| 6.0.0 | Center | Improved to prevent disabled plugins from being delivered to agents | | 7.6 |
| 6.0.0 | Center | Improved SQL Injection defense processing method | | 8.7 |
| 6.0.0 | GNOS | Removed vulnerable LD_LIBRARY_PATH environment variable inside GNOS | | |
| 6.0.0 | WebUI | [SaaS] SaaS security certification WAS(Tomcat) vulnerability improvement | | 7.5 |
| 6.0.0 | GNOS | Upgraded openssh to version 8.6p1 | | |
| 6.0.0 | WebUI | [CC] Web vulnerability inspection result security fix | | 6.5 |
| 6.0.0 | GenianOS | Apache httpd(2.4.48) / tomcat(8.5.63) upgrade | | 7.5 |
| 6.0.0 | ElasticSearch | [CC] Upgraded elasticsearch to version 5.6.16 | | 8.8 |