{"api_version":"1","generated_at":"2026-04-23T16:55:52+00:00","cve":"CVE-2021-45968","urls":{"html":"https://cve.report/CVE-2021-45968","api":"https://cve.report/api/cve/CVE-2021-45968.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-45968","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-45968"},"summary":{"title":"CVE-2021-45968","description":"An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-03-18 05:15:00","updated_at":"2022-07-12 17:42:00"},"problem_types":["CWE-918"],"metrics":[],"references":[{"url":"https://jivesoftware.com/platform/","name":"https://jivesoftware.com/platform/","refsource":"MISC","tags":[],"title":"Top Intranet Platform | Social Intranet Platform | Jive Software","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.html","name":"https://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.html","refsource":"MISC","tags":[],"title":"The Story of 3 bugs that lead to Unauthorized RCE - Pascom Systems - Tutorial Boy","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.pascom.net/doc/en/release-notes/","name":"https://www.pascom.net/doc/en/release-notes/","refsource":"MISC","tags":[],"title":"Support & Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.pascom.net/doc/en/release-notes/pascom19/","name":"https://www.pascom.net/doc/en/release-notes/pascom19/","refsource":"MISC","tags":[],"title":"pascom Server 19","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://kerbit.io/research/read/blog/4","name":"https://kerbit.io/research/read/blog/4","refsource":"MISC","tags":[],"title":"Pascom: The story of 3 bugs that lead to unauthed RCE. - Blog - Kerbit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-45968","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45968","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"45968","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"jivesoftware","cpe5":"jive","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45968","vulnerable":"1","versionEndIncluding":"7.19","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pascom","cpe5":"cloud_phone_system","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-45968","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://www.pascom.net/doc/en/release-notes/","refsource":"MISC","name":"https://www.pascom.net/doc/en/release-notes/"},{"refsource":"MISC","name":"https://jivesoftware.com/platform/","url":"https://jivesoftware.com/platform/"},{"refsource":"MISC","name":"https://www.pascom.net/doc/en/release-notes/pascom19/","url":"https://www.pascom.net/doc/en/release-notes/pascom19/"},{"refsource":"MISC","name":"https://kerbit.io/research/read/blog/4","url":"https://kerbit.io/research/read/blog/4"},{"refsource":"MISC","name":"https://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.html","url":"https://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.html"}]}},"nvd":{"publishedDate":"2022-03-18 05:15:00","lastModifiedDate":"2022-07-12 17:42:00","problem_types":["CWE-918"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:jivesoftware:jive:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:pascom:cloud_phone_system:*:*:*:*:*:*:*:*","versionEndIncluding":"7.19","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"45968","Ordinal":"224465","Title":"CVE-2021-45968","CVE":"CVE-2021-45968","Year":"2021"},"notes":[]}}}