CVE-2021-29357

The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.

Published: Apr 12, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-29357
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.6
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
outsystems / lifetime_management_console	11	11.7.0
outsystems / platform_server	11	11.9.0
outsystems / outsystems	10	10.0.1104.0

https://labs.integrity.pt/advisories/cve-2021-29357/
https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RTAF-2226

Vulnerability Database

289,871

CVE-2021-29357