CVE-2021-29357

high

Description

The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.

References

https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RTAF-2226

https://labs.integrity.pt/advisories/cve-2021-29357/

Details

Source: Mitre, NVD

Published: 2021-04-12

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 8.6

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00249

Detections

Analytics