CVE-2021-29357 - Outsystems ECT Provider Server Side Request Forgery
1. Vulnerability Properties
Title: Outsystems ECT Provider Server Side Request Forgery CVE ID: CVE-2021-29357 CVSSv3 Base Score: 7.4 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N) Vendor: Outsystems Products: Outsystems Advisory Release Date: 13 April 2021 Advisory URL: https://labs.integrity.pt/advisories/cve-2021-29357 Credits: Discovery by Ricardo Nunes <rn[at]integrity.pt>
2. Vulnerability Summary
The Outsystems ECT component is vulnerable to a SSRF attack, which may allow an attacker to force the server application to perform arbitrary HTTP requests.
Integrity S.A. uses cookies for analytical and more personalized information presentation purposes, based on your browsing habits and profile. For more detailed information, see our Cookie Policy.