SSRF Vulnerability in MashZone NextGen 10.7 GA Allows Unauthorized Interaction with TCP Services

CVE-2021-33581 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService.
