Vulnerabilities > CVE-2021-33581 - Server-Side Request Forgery (SSRF) vulnerability in Softwareag Mashzone Nextgen

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

softwareag

CWE-918

NVD

Published: 2022-03-30

Updated: 2022-04-06

Summary

MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService.

Vulnerable Configurations

Part	Description	Count
Application	Softwareag Softwareag Mashzone Nextgen *	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33581
https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default