PT-2022-23534 · Gluu · Gluu Oxauth

Published 2022-09-06 · Updated 2022-10-23 · CVE-2022-36663
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Gluu Oxauth versions prior to 4.4.1

Description: Gluu Oxauth before 4.4.1 allows blind server-side request forgery (SSRF) via a crafted request_uri parameter in the OpenID Connect authorization request. The authorization server fetches the request object from the supplied URI without adequately validating it, so an unauthenticated attacker can make the server issue requests to hosts of the attacker's choosing, including internal services that are not reachable from outside. Because the SSRF is blind, the fetched response is not returned to the attacker directly; the impact comes from the server-originated request itself, which can still lead to unauthorized access to internal services or to information disclosure.

Recommendations: For versions prior to 4.4.1, update to version 4.4.1 or later. As a temporary workaround, restrict the request_uri parameter at the authorization endpoint: reject authorization requests that carry request_uri if your deployment does not need request objects fetched by reference, or accept only values that the client has pre-registered (OpenID Connect allows clients to pre-register them through the request_uris registration parameter), and ensure the server never follows request_uri values that point at loopback, link-local, private or otherwise internal addresses.
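The following is an added example, not code from Gluu or from this advisory, showing the kind of request_uri screening the workaround above describes: a per-client allowlist plus an internal-address check, and a scan of authorization-endpoint access log lines that flags request_uri values which would fail that check. The client id, the registered URI prefix, the /oxauth/restv1/authorize path and the log lines are all constructed for illustration.

```python
"""Added example (not Gluu code): screen OIDC request_uri values for SSRF."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical per-client allowlist, as a relying party would pre-register it
# via the OpenID Connect request_uris registration parameter.
REGISTERED_REQUEST_URIS = {
    "client-123": ["https://rp.example.com/oidc/request/"],
}


def _is_internal_host(host: str) -> bool:
    """True for 'localhost' and for literal IPs in loopback, link-local, private,
    reserved, multicast or unspecified ranges. Hostnames are NOT resolved here,
    so a DNS name that resolves to an internal address is not caught by this
    function alone; the fetcher must re-check the resolved address (see note)."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not an IP literal
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def check_request_uri(client_id: str, request_uri: str):
    """Return (accepted, reason). Accept only https URIs without userinfo that do
    not point at an internal host and that start with a prefix pre-registered
    for this client."""
    parts = urlsplit(request_uri)
    if parts.scheme != "https":
        return False, "scheme must be https"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "userinfo not allowed"
    if _is_internal_host(parts.hostname):
        return False, "internal host"
    prefixes = REGISTERED_REQUEST_URIS.get(client_id, [])
    if not any(request_uri.startswith(p) for p in prefixes):
        return False, "request_uri not pre-registered for client"
    return True, "ok"


# Constructed access-log lines in Apache combined format (not real Gluu logs).
SAMPLE_LOG = """\
10.0.0.5 - - [06/Sep/2022:10:00:01 +0000] "GET /oxauth/restv1/authorize?client_id=client-123&response_type=code&request_uri=https%3A%2F%2Frp.example.com%2Foidc%2Frequest%2Fabc HTTP/1.1" 302 0
203.0.113.9 - - [06/Sep/2022:10:00:07 +0000] "GET /oxauth/restv1/authorize?client_id=client-123&response_type=code&request_uri=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 400 0
203.0.113.9 - - [06/Sep/2022:10:00:09 +0000] "GET /oxauth/restv1/authorize?client_id=client-123&response_type=code&request_uri=https%3A%2F%2F10.0.0.2%3A8080%2Fadmin HTTP/1.1" 400 0
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def scan_access_log(text: str):
    """Return [(source_ip, client_id, request_uri, reason)] for requests to an
    /authorize endpoint whose request_uri fails check_request_uri."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = urlsplit(m["target"])
        if not target.path.endswith("/authorize"):
            continue
        qs = parse_qs(target.query)  # percent-decodes the values
        client_id = qs.get("client_id", [""])[0]
        for request_uri in qs.get("request_uri", []):
            ok, reason = check_request_uri(client_id, request_uri)
            if not ok:
                hits.append((m["src"], client_id, request_uri, reason))
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

The literal-IP check is deliberately only a first filter: an attacker can register a hostname that resolves to 169.254.169.254 or to a private address, or rebind it between the check and the fetch. The code path that actually fetches the request object must resolve the name itself, apply the same address test to every resolved address, connect only to the address it checked, and refuse to follow redirects, since a redirect from an allowlisted host reintroduces the SSRF.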

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2022-36663
GHSA-HC94-9V26-GXWV

Affected Products

Gluu Oxauth