Server-Side Request Forgery Vulnerability in IBM Secure External Authentication Server and Proxy
CVE-2021-29749

6.5MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
15 July 2021

Summary

IBM Secure External Authentication Server and IBM Secure Proxy versions 6.0.2 are susceptible to server-side request forgery (SSRF). This vulnerability allows an authenticated attacker to exploit the system by sending unauthorized requests. As a consequence, an attacker could perform network enumeration or execute further attacks against internal resources, posing a significant security risk.

Affected Version(s)

Secure External Authentication Server 6.0.2

Secure Proxy 6.0.2

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.