Vulnerabilities > CVE-2022-36663 - Server-Side Request Forgery (SSRF) vulnerability in Gluu Oxauth

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

NVD

Published: 2022-09-06

Updated: 2024-11-21

Summary

Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter.

Part	Description	Count
Application	Gluu Gluu Oxauth - Gluu Oxauth 1.0.0 Gluu Oxauth 1.1.0 Gluu Oxauth 1.2.0 Gluu Oxauth 1.3.0 Gluu Oxauth 1.3.1 Gluu Oxauth 1.3.2 Gluu Oxauth 1.4.1 Gluu Oxauth 1.5.0 Gluu Oxauth 1.6.0 Gluu Oxauth 2.3.3 Gluu Oxauth 2.3.4 Gluu Oxauth 2.3.5 Gluu Oxauth 2.4.0 Gluu Oxauth 2.4.1 Gluu Oxauth 2.4.2 Gluu Oxauth 3.0.0 Gluu Oxauth 3.0.1 Gluu Oxauth 3.0.2 Gluu Oxauth 3.1.4 Gluu Oxauth 4.2.1 Gluu Oxauth 4.2.3 Gluu Oxauth 4.3.0 Gluu Oxauth 4.3.1	24