Vulnerability Description
The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Outsystems | Lifetime Management Console | >= 11, < 11.7.0 |
| Outsystems | Outsystems | >= 10, < 10.0.1104.0 |
| Outsystems | Platform Server | >= 11, < 11.9.0 |
Related Weaknesses (CWE)
References
- https://labs.integrity.pt/advisories/cve-2021-29357/Third Party Advisory
- https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RTVendor Advisory
- https://labs.integrity.pt/advisories/cve-2021-29357/Third Party Advisory
- https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RTVendor Advisory
FAQ
What is CVE-2021-29357?
CVE-2021-29357 is a vulnerability with a CVSS score of 8.6 (HIGH). The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.
How severe is CVE-2021-29357?
CVE-2021-29357 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-29357?
Check the references section above for vendor advisories and patch information. Affected products include: Outsystems Lifetime Management Console, Outsystems Outsystems, Outsystems Platform Server.