CVE-2021-40604: SSRF
First published: Mon Jun 13 2022(Updated: )
A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by an unauthenticated user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Invisioncommunity Ips Community Suite | <4.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-40604?
CVE-2021-40604 has a severity level of 9.1 (Critical).
What is CVE-2021-40604?
CVE-2021-40604 is a Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before version 4.6.2.
How does CVE-2021-40604 affect IPS Community Suite?
CVE-2021-40604 allows remote authenticated users to request arbitrary URLs or trigger deserialization via the phar protocol when generating class names dynamically.
How can CVE-2021-40604 be exploited?
CVE-2021-40604 can be exploited by an unauthenticated user in some cases.
Is there a fix available for CVE-2021-40604?
Yes, a fix for CVE-2021-40604 is available in IPS Community Suite version 4.6.2.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/invisioncommunity
- canonical/invisioncommunity ips community suite