.. / CVE-2021-27748

Exploit for IBM WebSphere HCL Digital Experience - Server-Side Request Forgery (CVE-2021-27748)

Description:

IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers.

Nuclei Template

View the template here CVE-2021-27748.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-27748.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-27748
https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27748
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095665