CVE-2021-27670
published 2021-02-25

CVE-2021-27670: Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.

Priority: P1, 84
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation: in the wild (ITW), public exploit, VulnCheck KEV
EPSS: 61.27% (99.0th percentile)

Affected (1 range)

Vendor    Product   Version range   Fixed in
appspace  appspace  (not listed)    (not listed)

Detection & IOCs (extracted from sources)

URL: /api/v1/core/proxy/jsonprequest?objresponse=false&websiteproxy=true&escapestring=false&url=http://oast.live
Path: /api/v1/core/proxy/jsonprequest
  • Send a GET request to /api/v1/core/proxy/jsonprequest with the `url` parameter pointing to an out-of-band interaction server; a 200 response with a body containing ' Interactsh Server ' confirms SSRF exploitation.
  • Shodan/FOFA/Google dork for exposed Appspace instances: search for title 'Appspace' or 'appspace' to identify attack surface.
  • The SSRF endpoint requires no authentication (PR:N, UI:N), meaning it is exploitable by unauthenticated remote attackers against any exposed Appspace 6.2.4 instance.
  • The vulnerable parameter is `url` within the `jsonprequest` proxy endpoint; the additional query parameters `objresponse=false`, `websiteproxy=true`, and `escapestring=false` are used in the known PoC request.

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        v3.1     9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd        v2.0     7.5    HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck  -        9.8    CRITICAL  -