Server-Side Request Forgery Vulnerability in IBM Secure External Authentication Server and Proxy
CVE-2021-29749
6.5MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 15 July 2021
Summary
IBM Secure External Authentication Server and IBM Secure Proxy versions 6.0.2 are susceptible to server-side request forgery (SSRF). This vulnerability allows an authenticated attacker to exploit the system by sending unauthorized requests. As a consequence, an attacker could perform network enumeration or execute further attacks against internal resources, posing a significant security risk.
Affected Version(s)
Secure External Authentication Server 6.0.2
Secure Proxy 6.0.2
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved