CVE-2021-45968
Summary
| CVE | CVE-2021-45968 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-18 05:15:00 UTC |
| Updated | 2022-07-12 17:42:00 UTC |
| Description | An issue was discovered in xmppserver jar in the XMPP Server component of the Jive platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394. |
Risk And Classification
Problem Types: CWE-918
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Jivesoftware | Jive | - | All | All | All |
| Application | Pascom | Cloud Phone System | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Top Intranet Platform \| Social Intranet Platform \| Jive Software | MISC | jivesoftware.com | |
| The Story of 3 bugs that lead to Unauthorized RCE - Pascom Systems - Tutorial Boy | MISC | tutorialboy24.blogspot.com | |
| Support & Release Notes | MISC | www.pascom.net | |
| pascom Server 19 | MISC | www.pascom.net | |
| Pascom: The story of 3 bugs that lead to unauthed RCE. - Blog - Kerbit | MISC | kerbit.io | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.