CVE-2017-7553

MEDIUM

App Studio - Server-Side Request Forgery

Title source: llm
STIX 2.1

Description

The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints.

References (3)

Core 3
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2674
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2675
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1478792

Scores

CVSS v3 6.3
EPSS 0.0070
EPSS Percentile 48.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-918
Status published
Products (1)
redhat/mobile_application_platform < 4.4.3
Published Sep 29, 2017
Tracked Since Feb 18, 2026