Vulnerabilities > CVE-2021-45968 - Server-Side Request Forgery (SSRF) vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
jivesoftware
pascom
CWE-918

Summary

An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.

Vulnerable Configurations

Part Description Count
Application
Jivesoftware
1
Application
Pascom
1

Common Weakness Enumeration (CWE)