CVE-2017-7553

CWE-918 — Server-Side Request Forgery (SSRF)6 documents6 sources

Severity

6.3MEDIUM

EPSS

0.2%

top 60.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Mobile Application Platform

Timeline

PublishedSep 29

Latest updateMay 14

Description

The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages1 packages

▶NVDredhat/mobile_application_platform4.4.3

🔴Vulnerability Details

GHSA

GHSA-rmmq-9vg2-553m: The external_request api call in App Studio (millicore) allows server side request forgery (SSRF)↗2022-05-14

▶

CVEList

CVE-2017-7553: The external_request api call in App Studio (millicore) allows server side request forgery (SSRF)↗2017-09-28

▶

OSV

irssi vulnerabilities↗2017-02-01

▶

📋Vendor Advisories

Red Hat

RHMAP: SSRF via external_request feature of App Studio↗2017-09-11

▶

💬Community

Bugzilla

CVE-2017-7553 RHMAP: SSRF via external_request feature of App Studio↗2017-08-07

▶