CVE-2021-47703

Medium CVSS: 6.9

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.

Vendor

Openbmcs

Product

Openbmcs

CWE

CWE-918

Yayın Tarihi

2025-12-09 21:15:49

Güncelleme

2025-12-19 19:39:02

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-918 Openbmcs MEDIUM Openbmcs 2025

Referanslar

https://www.exploit-db.com/exploits/50670 https://www.openbmcs.com https://www.vulncheck.com/advisories/openbmcs-server-side-request-forgery-ssrf-via-phpqueryphp https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5694.php

Benzer Kayıtlar

High

CVE-2021-47718

OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive…

High

CVE-2021-47704

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries…

Medium

CVE-2021-47702

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by ex…

High

CVE-2021-47701

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and…