CVE-2021-43449: SSRF
First published: Mon Jan 23 2023(Updated: )
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). The document editor service can be abused to read and serve arbitrary URLs as a document.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Onlyoffice Server | <=7.0.0.49 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-43449.
What is the severity of CVE-2021-43449?
The severity of CVE-2021-43449 is high with a CVSS score of 8.1.
What is the affected software for CVE-2021-43449?
The affected software for CVE-2021-43449 is ONLYOFFICE Server versions up to and including 7.0.0.49.
What is Server-Side Request Forgery (SSRF)?
Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to make requests to internal or external resources on behalf of the targeted server.
How can an attacker exploit CVE-2021-43449?
An attacker can exploit CVE-2021-43449 by abusing the document editor service in ONLYOFFICE to read and serve arbitrary URLs as a document.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/onlyoffice
- canonical/onlyoffice server
- version/onlyoffice server/7.0.0.49