Vulnerability Details CVE-2021-40537
Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.5%
CVSS Severity
CVSS v3 Score 2.7
CVSS v2 Score 4.0
References
Products affected by CVE-2021-40537
-
cpe:2.3:a:owncloud:user_ldap:0.10.0
-
cpe:2.3:a:owncloud:user_ldap:0.11.0
-
cpe:2.3:a:owncloud:user_ldap:0.12.0
-
cpe:2.3:a:owncloud:user_ldap:0.13.0
-
cpe:2.3:a:owncloud:user_ldap:0.14.0
-
cpe:2.3:a:owncloud:user_ldap:0.15.0
-
cpe:2.3:a:owncloud:user_ldap:0.15.1
-
cpe:2.3:a:owncloud:user_ldap:0.15.2
-
cpe:2.3:a:owncloud:user_ldap:0.15.3
-
cpe:2.3:a:owncloud:user_ldap:0.9.1