CVE-2019-6837

Name of the Vulnerable Software and Affected Versions U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15)

Description A Server-Side Request Forgery (SSRF) issue exists, which could cause server configuration data to be exposed when an attacker modifies a URL. This could potentially lead to unauthorized access to sensitive information.

Recommendations For MEG6501-0001 - U.motion KNX server, consider restricting access to the server configuration data until a fix is available. For MEG6501-0002 - U.motion KNX Server Plus, avoid using modified URLs that could trigger the SSRF issue. For MEG6260-0410 - U.motion KNX Server Plus, Touch 10, and MEG6260-0415 - U.motion KNX Server Plus, Touch 15, restrict access to the server configuration data and avoid using modified URLs. At the moment, there is no information about a newer version that contains a fix for this vulnerability.