PT-2021-18178 · OutSystems · OutSystems Platform Server

Ricardo Nunes · Published 2021-04-12 · Updated 2021-04-21 · CVE-2021-29357

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:
OutSystems Platform Server versions 10.0.0 through 10.0.1103.0
OutSystems Platform Server versions 11.0.0 through 11.8.0
LifeTime management console versions prior to 11.7.0

Description: The issue allows for Server-Side Request Forgery (SSRF) which enables arbitrary outbound HTTP requests. This can potentially be exploited to access internal resources or make unauthorized requests.

Recommendations:
For OutSystems Platform Server versions 10.0.0 through 10.0.1103.0, update to version 10.0.1104.0 or later.
For OutSystems Platform Server versions 11.0.0 through 11.8.0, update to version 11.9.0 or later.
For LifeTime management console versions prior to 11.7.0, update to version 11.7.0 or later.

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2021-29357

Affected Products

LifeTime Management Console
OutSystems Platform Server