CVE-2022-25026

Name of the Vulnerable Software and Affected Versions Rocket TRUfusion Portal version 7.9.2.1

Description A Server-Side Request Forgery (SSRF) issue allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy. This enables attackers to potentially exploit internal network resources.

Recommendations For Rocket TRUfusion Portal version 7.9.2.1, consider restricting access to the /trufusionPortal/upDwModuleProxy endpoint to minimize the risk of exploitation. Additionally, review internal network security to limit the exposure of sensitive resources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.