CVE-2021-40604

2022-06-1317:45:39

mitre

www.cve.org

9.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.0%

JSON

A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by an unauthenticated user.

References

invisioncommunity.com/release-notes/462-r99/