Vulnerabilities > CVE-2021-45968 - Server-Side Request Forgery (SSRF) vulnerability in multiple products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

jivesoftware

pascom

CWE-918

NVD

Published: 2022-03-18

Updated: 2022-07-12

Summary

An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.

Vulnerable Configurations

Part	Description	Count
Application	Jivesoftware Jivesoftware Jive -	1
Application	Pascom Pascom Cloud Phone System *	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://kerbit.io/research/read/blog/4
https://www.pascom.net/doc/en/release-notes/
https://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.html
https://jivesoftware.com/platform/
https://www.pascom.net/doc/en/release-notes/pascom19/