Vulnerability Description
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Software AG | MashZone NextGen | <= 10.7 |
Related Weaknesses (CWE)
References
- https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33581 (Third Party Advisory)
- https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default (Product, Vendor Advisory)
FAQ
What is CVE-2021-33581?
CVE-2021-33581 is a vulnerability with a CVSS score of 7.2 (HIGH). MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This o...
How severe is CVE-2021-33581?
CVE-2021-33581 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33581?
Check the references section above for vendor advisories and patch information. Affected products include: Software AG MashZone NextGen.