CVE-2021-47703
MEDIUM EPSS 18.6%
Published Dec 9, 20256mo ago · Modified Jun 17, 20262w ago
6.9 CVSS 4.0
Published Dec 9, 2025 6mo ago
Last Modified Jun 17, 2026 2w ago
Description
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
18.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-918 Server-Side Request Forgery (SSRF) Validation
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| openbmcs | openbmcs | 2.4 | any |
References 4
- exploit-db.com https://www.exploit-db.com/exploits/50670
- openbmcs.com https://www.openbmcs.com
- vulncheck.com https://www.vulncheck.com/advisories/openbmcs-server-side-request-forgery-ssrf-via-phpqueryphp
- zeroscience.mk https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5694.php
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.