PT-2021-10589 · Ureport · Ureport

T3Qui1A

·

Published

2021-09-15

·

Updated

2021-09-28

·

CVE-2020-21122

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: UReport version 2.2.9
Description: The issue allows attackers to detect intranet device ports through a Server-Side Request Forgery (SSRF) in the designer page.
Recommendations: For UReport version 2.2.9, consider restricting access to the designer page as a temporary workaround until a patch is available.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2020-21122
GHSA-6Q3P-36F4-CWXV

Affected Products

Ureport