Outsystems: >> Outsystems >> 10.0.1019.0 Security Vulnerabilities
The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.
CVSS Score
8.6
EPSS Score
0.002
Published
2021-04-12
OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name.) NOTE: The vendor claims that the independent researcher created the report without any type of validation and that no such vulnerability exists
CVSS Score
6.5
EPSS Score
0.002
Published
2019-12-31