First published: Mon Apr 12 2021
The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
OutSystems Lifetime Management Console | >=11, <11.7.0 | |
OutSystems OutSystems | >=10, <10.0.1104.0 | |
OutSystems Platform Server | >=11, <11.9.0 | |
The severity of CVE-2021-29357 is high with a CVSS score of 8.6.
The affected software for CVE-2021-29357 includes OutSystems Lifetime Management Console, OutSystems Platform Server, and OutSystems OutSystems.
CVE-2021-29357 allows SSRF for arbitrary outbound HTTP requests in OutSystems Platform Server.
To fix CVE-2021-29357, upgrade OutSystems Platform Server to version 10.0.1104.0 or 11.9.0, and upgrade OutSystems Lifetime Management Console to version 11.7.0.
More information about CVE-2021-29357 can be found at the following references: [CVE-2021-29357 Advisory](https://labs.integrity.pt/advisories/cve-2021-29357/) and [OutSystems Security Vulnerabilities](https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RTAF-2226).