Server-Side Request Forgery Vulnerability in IBM Secure External Authentication Server and Proxy
CVE-2021-29749

6.5MEDIUM

Key Information:

Vendor

IBM
Status
Secure Proxy
Secure External Authentication Server
Vendor
CVE Published:
15 July 2021

What is CVE-2021-29749?

IBM Secure External Authentication Server and IBM Secure Proxy versions 6.0.2 are susceptible to server-side request forgery (SSRF). This vulnerability allows an authenticated attacker to exploit the system by sending unauthorized requests. As a consequence, an attacker could perform network enumeration or execute further attacks against internal resources, posing a significant security risk.

Affected Version(s)

Secure External Authentication Server 6.0.2

Secure Proxy 6.0.2

References

https://www.ibm.com/support/pages/node/6471621
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/6471623
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/201777
vdb-entryx_refsource_XF

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.