PT-2022-12475 · Apache · Apache Tomcat

Published 2022-03-18 · Updated 2022-07-12 · CVE-2021-45968

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Pascom Cloud Phone System versions prior to 7.20.x
Description: An issue was discovered in the XMPP Server component of the Jive platform that allows Server-Side Request Forgery (SSRF) through an endpoint in the backend Tomcat server. In an SSRF attack the attacker supplies input that makes the server issue requests on the attacker's behalf, typically to internal hosts or services that the attacker cannot reach directly, which can expose internal data or grant access the attacker should not have. The CVSS vector (reachable over the network, no privileges or user interaction required, high confidentiality impact) reflects unauthenticated read access to such internal content.
Recommendations: For versions prior to 7.20.x, update to version 7.20.x or later to resolve the issue. As a temporary workaround, restrict access to the vulnerable endpoint in the Tomcat server (for example, to loopback or an explicit list of trusted source addresses) and limit the destinations that server-side requests may reach, so that a forged request cannot be pointed at internal services.
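The recommendation above names two controls: restricting who can reach the endpoint, and restricting where server-side requests may go. The following is an added example, not code from pascom, Openfire or Apache Tomcat, showing the second control as a guard in front of any server-side fetch: a host allowlist plus checks on the resolved addresses (so loopback, RFC 1918, link-local and cloud-metadata targets are refused), with the resolved address pinned so a second lookup cannot rebind the name. The host names, IP answers, allowlist and probe URLs are constructed so it runs offline; STUB_DNS stands in for socket.getaddrinfo().

```python
"""Guarding a server-side fetch against SSRF with a host allowlist plus
resolved-address checks.

Added example; not code from pascom, Openfire or Apache Tomcat. The host
names, IP answers and allowlist are constructed so the example runs offline;
STUB_DNS stands in for socket.getaddrinfo().
"""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS answers. The last entry models DNS rebinding / round-robin,
# where one name resolves to both a public and an internal address.
STUB_DNS = {
    "cdn.example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "rebind.example.com": ["93.184.216.35", "10.0.0.5"],
}


def resolve(host):
    """Return the candidate addresses for host.

    IP literals resolve to themselves; names go through STUB_DNS. Forms such
    as '2130706433' or '0x7f000001' are not valid literals here, so they fall
    through to DNS and fail. A real resolver (inet_aton/getaddrinfo) may accept
    them as 127.0.0.1, which is why the checks below run on resolved addresses
    rather than on the text of the URL.
    """
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return list(STUB_DNS.get(host, []))


def is_public_address(ip):
    """True only for globally routable unicast addresses (IPv4 or IPv6)."""
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not addr.is_multicast


def check_outbound_target(url, allowed_hosts=None):
    """Decide whether the server may fetch url on behalf of a client.

    Returns (ok, reason, pinned_ip). The caller must connect to pinned_ip
    (sending the host name in the Host header / SNI) instead of resolving the
    name again, so a later lookup cannot rebind it to an internal address.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme, None
    if parts.username is not None or parts.password is not None:
        # user@host tricks such as http://trusted@127.0.0.1/ are refused outright
        return False, "credentials in URL", None
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host", None
    if allowed_hosts is not None and host not in allowed_hosts:
        return False, "host not in allowlist: %s" % host, None
    addresses = resolve(host)
    if not addresses:
        return False, "unresolvable host: %s" % host, None
    for ip in addresses:
        # Every answer must be public; a single internal answer rejects the name.
        if not is_public_address(ip):
            return False, "resolves to non-public address %s" % ip, None
    return True, "ok", addresses[0]


if __name__ == "__main__":
    probes = [  # constructed attacker inputs of the kind SSRF probes use
        "http://cdn.example.com/logo.png",
        "http://localhost:8080/manager/html",
        "http://127.0.0.1:8080/",
        "http://[::1]:8080/",
        "http://169.254.169.254/latest/meta-data/",
        "http://2130706433/",
        "http://rebind.example.com/",
        "file:///etc/passwd",
        "http://cdn.example.com@127.0.0.1/",
    ]
    for url in probes:
        print(url, check_outbound_target(url, allowed_hosts={"cdn.example.com"}))
```

Two design points matter more than the individual checks. First, the decision is made on resolved addresses, not on the URL text, because resolver libraries accept many spellings of the same address that string filters miss. Second, the address the check approved is the one the caller connects to; re-resolving after the check reopens the rebinding window. An allowlist of hosts is the stronger control and should be used wherever the legitimate destinations are known, with the address checks as defence in depth.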

Exploit · Fix · SSRF


Weakness Enumeration

Related Identifiers: CVE-2021-45968

Affected Products: Pascom Cloud Phone System versions prior to 7.20.x; the vulnerable endpoint lives on the product's backend Apache Tomcat server.