CVE-2021-33581: advisories/2021/CVE-2021-33581 at master · blackarrowsec/advisories
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService.
CVE-2021-33581: Server Side Request Forgery (SSRF)
Vendor: Software AG
Vendor URL: https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default
Versions affected: MashZone NextGen 10.7 GA | Build 1607 (Vendor did not provide data about other affected versions)
Discovered by: Marcos Díaz
Public fix: No
Proof of Concept: No
Summary
MashZone NextGen 10.7 GA | Build 1607, and likely other/older versions, is affected by an SSRF.
Details
The HTTP endpoint /mashzone/mzservices/admin/getppmversion performs HTTP connections to arbitrary URLs supplied in its url parameter.
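As an added example, not code from the BlackArrow advisory or from Software AG: a small log-triage script that flags calls to the endpoint above whose url parameter points at an internal host or at a host outside an assumed PPM allowlist. The allowlist name, the access-log format and the log lines are constructed for the example.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlparse

# Assumption: the only PPM host this MashZone instance should ever check.
ALLOWED_PPM_HOSTS = {"ppm.corp.example"}
ENDPOINT = "/mashzone/mzservices/admin/getppmversion"

# Constructed access log in Common Log Format (client, timestamp, request, status, size).
LOG_LINES = [
    '10.0.0.5 - - [30/Mar/2022:10:00:01 +0000] "GET /mashzone/mzservices/admin/getppmversion?url=http%3A%2F%2Fppm.corp.example%3A8080%2Fppm HTTP/1.1" 200 512',
    '203.0.113.9 - - [30/Mar/2022:10:00:07 +0000] "GET /mashzone/mzservices/admin/getppmversion?url=http%3A%2F%2F127.0.0.1%3A22%2F HTTP/1.1" 200 87',
    '203.0.113.9 - - [30/Mar/2022:10:00:09 +0000] "GET /mashzone/mzservices/admin/getppmversion?url=http%3A%2F%2Funknown-host.example%2F HTTP/1.1" 200 91',
    '10.0.0.5 - - [30/Mar/2022:10:00:11 +0000] "GET /mashzone/index.html HTTP/1.1" 200 2048',
]

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_internal_host(host: str) -> bool:
    """True for loopback, private or link-local addresses and for 'localhost'."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return ip.is_loopback or ip.is_private or ip.is_link_local


def classify_request(line: str):
    """Return a finding for a suspicious getppmversion call, or None if benign/irrelevant."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parsed = urlparse(m.group("target"))
    if parsed.path != ENDPOINT:
        return None
    # parse_qs percent-decodes the value, so the target URL can be parsed normally.
    for raw in parse_qs(parsed.query).get("url", []):
        host = urlparse(raw).hostname or ""
        if is_internal_host(host):
            reason = "url points at an internal host"
        elif host not in ALLOWED_PPM_HOSTS:
            reason = "url host not in PPM allowlist"
        else:
            continue
        return {"client": m.group("client"), "url": raw, "reason": reason}
    return None


def scan(lines):
    """Collect findings for every line; the allowlisted PPM call produces none."""
    return [f for f in map(classify_request, lines) if f]
```

Feeding real access logs through scan() gives a quick view of whether the endpoint has been used for anything other than its intended PPM availability check.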
Impact
This vulnerability can be used in combination with CVE-2021-33207 to achieve RCE.
Recommendation
Make sure you have changed the default administrative credentials. At this point we do not have information about a fix from Software AG.
Timeline
- 19/05/2021 - Reported vulnerability to vendor
- 31/08/2021 - A representative from Software AG asks for details
- 30/03/2022 - Public Disclosure