Vulnerabilities > CVE-2021-29357 - Server-Side Request Forgery (SSRF) vulnerability in Outsystems products

CVSS 8.6 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

outsystems

CWE-918

NVD

Published: 2021-04-12

Updated: 2021-04-21

Summary

The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.

Vulnerable Configurations

Part	Description	Count
Application	Outsystems Outsystems Lifetime Management Console 11 Outsystems Lifetime Management Console 11.0.307.0 Outsystems Lifetime Management Console 11.4.0 Outsystems Lifetime Management Console 11.4.2 Outsystems Lifetime Management Console 11.5.0 Outsystems Lifetime Management Console 11.5.1 Outsystems Lifetime Management Console 11.5.2 Outsystems Lifetime Management Console 11.5.3 Outsystems Lifetime Management Console 11.6.0 Outsystems Lifetime Management Console 11.6.1 Outsystems Platform Server 11 Outsystems Platform Server 11.7.2 Outsystems Platform Server 11.7.3 Outsystems Platform Server 11.8.0 Outsystems Platform Server 11.8.1 Outsystems Platform Server 11.8.2 Outsystems Outsystems 10 Outsystems Outsystems 10.0.1019.0	18

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References