CVE-2021-45968
HIGH NUCLEI
Jive XMPP Server - Server-Side Request Forgery via Backend Tomcat Endpoint
Title source: llm
Exploitation Summary
CVE-2021-45968 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
An issue was discovered in xmppserver jar in the XMPP Server component of the Jive platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.
Nuclei Templates (1)
Pascom CPS - Local File Inclusion
HIGH by dwisiswant0
References (5)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.pascom.net/doc/en/release-notes/
Product, Third Party Advisory x_refsource_misc
https://jivesoftware.com/platform/
Release Notes, Vendor Advisory x_refsource_misc
https://www.pascom.net/doc/en/release-notes/pascom19/
Exploit, Third Party Advisory x_refsource_misc
https://kerbit.io/research/read/blog/4
Exploit, Third Party Advisory x_refsource_misc
https://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.html
Scores
CVSS v3
7.5
EPSS
0.1067
EPSS Percentile
95.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (2)
jivesoftware/jive
pascom/cloud_phone_system
< 7.19
Published
Mar 18, 2022
Tracked Since
Feb 18, 2026