MEDIUM🇬🇧 English

CVE-2021-47703

CVSS 6.9v4.0pub. 2025-12-09upd. 2025-12-19

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Openbmcs

    APP
    Openbmcs
    2.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SSRFFirewall
CWE
Referencje

Powiązane podatności

CVE-2021-47701HIGH8.7ten sam produkt

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permi...

CVE-2021-47704HIGH8.7ten sam produkt

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate databas...

CVE-2021-47718HIGH8.7ten sam produkt

OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access ...

CVE-2021-47702MEDIUM5.3ten sam produkt

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privil...