{"api_version":"1","generated_at":"2026-04-18T04:16:41+00:00","cve":"CVE-2021-40186","urls":{"html":"https://cve.report/CVE-2021-40186","api":"https://cve.report/api/cve/CVE-2021-40186.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-40186","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-40186"},"summary":{"title":"CVE-2021-40186","description":"The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.","state":"PUBLIC","assigner":"info@appcheck-ng.com","published_at":"2022-06-02 14:15:00","updated_at":"2022-06-09 17:07:00"},"problem_types":["CWE-918"],"metrics":[],"references":[{"url":"https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186","name":"https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186","refsource":"MISC","tags":[],"title":"DNN CMS Server-Side Request Forgery (CVE-2021-40186) | AppCheck","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-40186","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40186","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"40186","vulnerable":"1","versionEndIncluding":"9.10.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dnnsoftware","cpe5":"dotnetnuke","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"info@appcheck-ng.com","ID":"CVE-2021-40186","STATE":"PUBLIC","TITLE":"DNN CMS Server-Side Request Forgery (SSRF)"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"DNN Platform","version":{"version_data":[{"version_affected":"<","version_name":"9.0","version_value":"9.11.0"}]}}]},"vendor_name":"DNNSoftware"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-918 Server-Side Request Forgery (SSRF)"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186","name":"https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186"}]},"source":{"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2022-06-02 14:15:00","lastModifiedDate":"2022-06-09 17:07:00","problem_types":["CWE-918"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*","versionEndIncluding":"9.10.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"40186","Ordinal":"215906","Title":"CVE-2021-40186","CVE":"CVE-2021-40186","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"40186","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}