An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-scanning), aka SSRF.
Published Date: Tuesday 14th of May 2019 11:29:00 AM
Modified Date: Tuesday 14th of May 2019 01:35:06 PM
Network Access Vector:
The attacker does not require local network access or local access.
Authentication is not required to access and exploit the vulnerability.
The attack can be performed manually and requires little skill or additional information gathering.
There is no impact to the availability of the system.
There is no impact to the integrity of the system.
There is considerable information disclosure.