CVE-2021-20788

2021-07-2800:45:31

jpcert

www.cve.org

groupsession

ssrf vulnerability

remote attacker

port scan

internal web server

AI Score

Confidence

High

EPSS

0.001

Percentile

35.3%

JSON

Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote authenticated attacker to conduct a port scan from the product and/or obtain information from the internal Web server.

CNA Affected

[
  {
    "product": "GroupSession",
    "vendor": "Japan Total System Co.,Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
      }
    ]
  }
]

References

groupsession.jp/info/info-news/security202107

jvn.jp/en/jp/JVN86026700/index.html