Vulnerabilities > CVE-2022-47635 - Server-Side Request Forgery (SSRF) vulnerability in Wildix WMS 4.0/5.0/6.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wildix

CWE-918

critical

NVD

Published: 2022-12-21

Updated: 2024-11-21

Summary

Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php.

Vulnerable Configurations

Part	Description	Count
Application	Wildix Wildix WMS 6.0 Wildix WMS 4.0 Wildix WMS 5.0	3

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://wildix.atlassian.net/wiki/spaces/DOC/pages/30279136/Changelogs
https://wildix.atlassian.net/wiki/spaces/DOC/pages/30279136/Changelogs