Vulnerability Details CVE-2021-29357
The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 48.1%
CVSS Severity
CVSS v3 Score 8.6
CVSS v2 Score 5.0
Products affected by CVE-2021-29357
- cpe:2.3:a:outsystems:lifetime_management_console:11
- cpe:2.3:a:outsystems:lifetime_management_console:11.0.307.0
- cpe:2.3:a:outsystems:lifetime_management_console:11.4.0
- cpe:2.3:a:outsystems:lifetime_management_console:11.4.2
- cpe:2.3:a:outsystems:lifetime_management_console:11.5.0
- cpe:2.3:a:outsystems:lifetime_management_console:11.5.1
- cpe:2.3:a:outsystems:lifetime_management_console:11.5.2
- cpe:2.3:a:outsystems:lifetime_management_console:11.5.3
- cpe:2.3:a:outsystems:lifetime_management_console:11.6.0
- cpe:2.3:a:outsystems:lifetime_management_console:11.6.1
- cpe:2.3:a:outsystems:outsystems:10
- cpe:2.3:a:outsystems:outsystems:10.0.1019.0
- cpe:2.3:a:outsystems:platform_server:11
- cpe:2.3:a:outsystems:platform_server:11.7.2
- cpe:2.3:a:outsystems:platform_server:11.7.3
- cpe:2.3:a:outsystems:platform_server:11.8.0
- cpe:2.3:a:outsystems:platform_server:11.8.1
- cpe:2.3:a:outsystems:platform_server:11.8.2