Описание
A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by an unauthenticated user.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.6.2 (исключая)
cpe:2.3:a:invisioncommunity:ips_community_suite:*:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00547
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 9.1
github
больше 3 лет назад
A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by an unauthenticated user.
EPSS
Процентиль: 67%
0.00547
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-918