CNNVD-202510-4130 Information

CNNVD ID

CNNVD-202510-4130

CVE-2021-4461

  • CNNVD Published: 2025-10-30

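Description (translated from Chinese)

Seeyon Zhiyuan OA Web Application System is an integrated office automation platform from the Chinese company Seeyon (致远). Seeyon Zhiyuan OA Web Application System 7.0 SP1 and earlier versions contain a security vulnerability that stems from improper decoding and parsing of the enc parameter in thirdpartyController.do, which may allow an attacker to assign a session for an arbitrary user ID.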

Description (English)

Seeyon Zhiyuan OA Web Application System is an integrated office automation platform developed by Seeyon. Versions 7.0 SP1 and earlier have a security vulnerability caused by improper decoding and parsing of the enc parameter of thirdpartyController.do, which could lead to an attacker assigning a session for an arbitrary user ID.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Seeyon (致远)

Published

2025-10-30

Last Modified

2026-02-24

References

  • https://github.com/chaitin/xray/blob/f90cf321bc4d294bbf6625a9c4853f3bfdf0a384/pocs/seeyon-oa-cookie-leak.yml
  • https://github.com/projectdiscovery/nuclei-templates/blob/1ca6b8e6fe225cbd46dcb893dcaee01447afa8c0/
  • https://mp.weixin.qq.com/s/0AqdfTrZUVrwTMbKEKresg
  • https://www.vulncheck.com/advisories/seeyon-zhiyuan-oa-web-application-system-authentication-bypass
