Vulnerabilities > CVE-2023-39854 - Server-Side Request Forgery (SSRF) vulnerability in ATX Ucrypt 3.5

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

atx

CWE-918

NVD

Published: 2023-10-09

Updated: 2024-02-01

Summary

The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF.

Vulnerable Configurations

Part	Description	Count
Application	Atx ATX Ucrypt - ATX Ucrypt 3.5	2

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://wiki.notveg.ninja/blog/CVE-2023-39854/