DNN CMS Server-Side Request Forgery (SSRF)
CVE-2021-40186

6.5MEDIUM

Key Information:

Vendor: Dnnsoftware
Status: Dnn Platform
Vendor: CVE Published:; 2 June 2022

🔔 Create Dnnsoftware Vulnerability Alert

What is CVE-2021-40186?

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.

Affected Version(s)

DNN Platform 9.0 < 9.11.0

References

https://appcheck-ng.com/dnn-cms-server-side-request-forge...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2022
Vulnerability Reserved
Aug 29, 2021