Bug 109127 - SSRF vulnerability - ProxyServlet [CWE-918 / CWE-807]
Status: VERIFIED FIXED
Alias: None
Product: ZCS
Classification: Unclassified
Component: Admin - Server
Version: 8.8.0_ZCS_JudasPriest
Hardware: All Browsers All
Importance: P2 critical
Target Milestone: ---
Assignee: bugs.admin.server
QA Contact: Pallavi Khairnar
URL: https://nvd.nist.gov/vuln-metrics/cvs...
Keywords: Security
Reported: 2019-03-05 18:08 EST by Phil Pearl
Modified: 2019-05-29 06:00 EDT

Root Cause: ---
Fix Type: ---
QA Analysis: ---
CVE Number: CVE-2019-9621
CVSS Score: 4.0
CVE Reporter: An Trinh <tint0@outlook.com>


Description Phil Pearl 2019-03-05 18:08:30 EST
An SSRF vulnerability exists in the ProxyServlet component of the ZCS Admin interface. Details to follow.
Comment 6 Pallavi Khairnar 2019-04-12 06:49:22 EDT
Verified on 8.8.12. It is working as expected.