Log360 Release Notes

Build 5224

Fixes:

  • The CSRF vulnerability has been fixed to prevent possible attacks.
  • The following security issues have been fixed:
    • ZVE-2021-2034: The CSRF vulnerability in disabling logon security settings. (The issue was identified by reporter, Sahil Dhar).
    • ZVE-2021-2018: Remote code execution using the arbitrary file overwrite vulnerability. (The issue was identified by reporter, Sahil Dhar).
    • ZVE-2021-2033: The issue in validating LOGO_PATH key value in the stored XSS logon settings. (The issue was identified by reporter, Sahil Dhar).