Server-Side Request Forgery (SSRF) Vulnerability in ONLYOFFICE Document Editor Service
CVE-2021-43449 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). The document editor service can be abused to read and serve arbitrary URLs as a document.
Learn more about our Cis Benchmark Audit For Microsoft Office.