Zen Load Balancer
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-10039 | Cri | 0.64 | — | 0.02 | Aug 11, 2025 | ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec() call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in… | ||
| CVE-2020-11490 | Hig | 0.47 | 7.2 | 0.02 | Apr 2, 2020 | Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter. | ||
| CVE-2019-7301 | Hig | 0.47 | 7.2 | 0.03 | Feb 1, 2019 | Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter. | ||
| CVE-2020-11491 | Med | 0.35 | 4.9 | 0.08 | Apr 2, 2020 | Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi. |
- risk 0.64cvss —epss 0.02
ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec() call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in…
- risk 0.47cvss 7.2epss 0.02
Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter.
- risk 0.47cvss 7.2epss 0.03
Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter.
- risk 0.35cvss 4.9epss 0.08
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi.