Vulnerabilities > CVE-2022-39055 - Server-Side Request Forgery (SSRF) vulnerability in Changingtec Rava Certificate Validation System 3

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

changingtec

CWE-918

NVD

Published: 2022-10-18

Updated: 2024-11-21

Summary

RAVA certificate validation system has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform SSRF attack to discover internal network topology base on query response.

Vulnerable Configurations

Part	Description	Count
Application	Changingtec Changingtec Rava Certificate Validation System 3	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.twcert.org.tw/tw/cp-132-6616-9092f-1.html
https://www.twcert.org.tw/tw/cp-132-6616-9092f-1.html