CVE-2021-33581: Server Side Request Forgery (SSRF)
Vendor: Software AG
Vendor URL: https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default
Versions affected: MashZone NextGen 10.7 GA | Build 1607 (Vendor did not provide data about other affected versions)
Discovered by: Marcos Díaz
Public fix: No
Proof of Concept: No
Summary
MashZone NextGen 10.7 GA | Build 1607 and likely other/older versions, are affected by a SSRF.
Details
The HTTP endpoint /mashzone/mzservices/admin/getppmversion parameter url performs HTTP connections to arbitrary URLs.
Impact
This vulnerability can be used in combination to CVE-2021-33207 to achieve RCE.
Recommendation
Make sure you have changed the default administrative credentials. At this point we do not have information about a fix from Software AG.
Timeline
- 19/05/2021 - Reported vulnerability to vendor
- 31/08/2021 - A representative from Software AG asks for details
- 30/03/2022 - Public Disclosure