exploitDog

CVE-2022-25026

Опубликовано: 12 янв. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy.

Ссылки

https://labs.nettitude.com/blog/cve-2022-25026-cve-2022-25027-vulnerabilities-in-rocket-trufusion-enterprise/
Exploit
Patch
Third Party Advisory
https://labs.nettitude.com/blog/cve-2022-25026-cve-2022-25027-vulnerabilities-in-rocket-trufusion-enterprise/
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rocketsoftware:trufusion_enterprise:*:*:*:*:*:*:*:*

Версия до 7.9.5.1 (исключая)

EPSS

Процентиль: 87%

0.03538

Низкий

7.5 High

CVSS3

Дефекты

CWE-918

CWE-918

Связанные уязвимости

GHSA-mffv-q36c-x853

CVSS3: 7.5

github

около 3 лет назад

A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy.

EPSS

Процентиль: 87%

0.03538

Низкий

7.5 High

CVSS3

Дефекты

CWE-918

CWE-918