Vulnerabilities > CVE-2020-35205 - Server-Side Request Forgery (SSRF) vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://clandestinelabs.io/security-advisories/advisory-multiple-vulnerabilities-in-quest-policy-authority-for-unified-communications
- https://clandestinelabs.io/security-advisories/advisory-multiple-vulnerabilities-in-quest-policy-authority-for-unified-communications
- https://un4gi.io/blog/multiple-vulnerabilities-in-quest-policy-authority-for-unified-communications
- https://un4gi.io/blog/multiple-vulnerabilities-in-quest-policy-authority-for-unified-communications