Vulnerabilities > CVE-2022-39055 - Server-Side Request Forgery (SSRF) vulnerability in Changingtec Rava Certificate Validation System 3

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

changingtec

CWE-918

NVD

Published: 2022-10-18

Updated: 2022-10-20

Summary

RAVA certificate validation system has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform SSRF attack to discover internal network topology base on query response.

Vulnerable Configurations

Part	Description	Count
Application	Changingtec Changingtec Rava Certificate Validation System 3	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.twcert.org.tw/tw/cp-132-6616-9092f-1.html