CVE-2021-29357
HIGH
OutSystems Platform Server SSRF via ECT Provider (10 < 10.0.1104.0, 11 < 11.9.0, LifeTime < 11.7.0)
The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RTAF-2226
Third Party Advisory x_refsource_misc
https://labs.integrity.pt/advisories/cve-2021-29357/
Scores
CVSS v3
8.6
EPSS
0.0095
EPSS Percentile
56.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (3)
outsystems/lifetime_management_console
11 - 11.7.0
outsystems/outsystems
10 - 10.0.1104.0
outsystems/platform_server
11 - 11.9.0
Published
Apr 12, 2021
Tracked Since
Feb 18, 2026