PT-2025-50233 · Openbmc · Openbmc

Published 2025-12-09 · Updated 2025-12-19 · CVE-2021-47703

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

OpenBMCS version 2.4

Description

The software contains an unauthenticated Server-Side Request Forgery (SSRF) issue. This allows attackers to bypass firewalls and perform service and network enumeration on the internal network. Attackers can exploit this by providing an external domain in the ip parameter, causing the application to make HTTP requests to arbitrary destinations. This can lead to hijacking of current sessions.

Recommendations

Apply a fix or update to address the unauthenticated SSRF vulnerability in the affected version. As a temporary workaround, restrict or monitor outbound network requests made by the application.
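
An added example, not OpenBMCS code or the vendor's fix: one way to constrain a request parameter such as `ip` so that it accepts only IP literals inside an operator-approved range and rejects the external domains the description mentions. The function names and the allowlisted subnet are assumptions made for illustration.

```python
import ipaddress

# Assumed allowlist: the only subnets the application should ever contact.
# 192.0.2.0/24 is documentation address space, constructed for this example.
ALLOWED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


def validate_ip_param(value, allowed=ALLOWED_NETWORKS):
    """Return the normalized address if acceptable, else raise ValueError."""
    if not isinstance(value, str) or not value or value != value.strip():
        raise ValueError("empty, padded or non-string value")
    try:
        # Accept IP literals only. Hostnames, URLs and host:port strings
        # fail here, so no DNS lookup is ever made on attacker input.
        addr = ipaddress.ip_address(value)
    except ValueError:
        raise ValueError("not an IP literal") from None
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the IPv4 address it carries.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    if (addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_unspecified):
        raise ValueError("special-purpose address")
    if not any(addr in net for net in allowed):
        raise ValueError("address outside the approved networks")
    return str(addr)


def is_allowed(value):
    """Boolean wrapper, convenient for request filters and log triage."""
    try:
        validate_ip_param(value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values, not taken from the advisory.
    for sample in ["192.0.2.10", "attacker.example", "http://192.0.2.10/",
                   "127.0.0.1", "169.254.169.254", "198.51.100.7"]:
        print(f"{sample!r:24} allowed={is_allowed(sample)}")
```

The same predicate can be run over logged values of the parameter to flag requests that named a hostname or an address outside the approved range.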

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2021-47703

Affected Products

Openbmc