CVE-2020-35205

Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200

Description: The issue allows attackers to perform Server Side Request Forgery (SSRF) in the Web Compliance Manager component, enabling them to scan internal ports and make outbound connections via the initFile.jsp file. This affects products that are no longer supported by the maintainer.

Recommendations: For Quest Policy Authority version 8.1.2.200, as the product is no longer supported, consider disabling the initFile.jsp file or restricting access to it to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.