CVE-2021-45968: SSRF
First published: Fri Mar 18 2022(Updated: )
An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jive | ||
| Pascom Cloud Phone System | <=7.19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-45968?
CVE-2021-45968 has been classified as a high severity vulnerability due to the potential for Server-Side Request Forgery (SSRF).
How do I fix CVE-2021-45968?
To mitigate CVE-2021-45968, upgrade the Pascom Cloud Phone System to version 7.20 or later, or implement network-level restrictions to prevent SSRF attacks.
What systems are affected by CVE-2021-45968?
CVE-2021-45968 affects Pascom Cloud Phone System versions prior to 7.20.x and certain releases of the Jive platform.
What type of vulnerability is CVE-2021-45968?
CVE-2021-45968 is an SSRF vulnerability that allows an attacker to make unauthorized requests to internal systems.
What are the potential impacts of CVE-2021-45968?
Exploitation of CVE-2021-45968 could lead to unauthorized access to sensitive internal services and data.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/jivesoftware
- canonical/jive
- vendor/pascom
- canonical/pascom cloud phone system
- version/pascom cloud phone system/7.19