Vulnerabilities > CVE-2020-17386 - Server-Side Request Forgery (SSRF) vulnerability in Cellopoint Cellos 4.1.10
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 |