Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Northern.tech Mender Enterprise 代码问题漏洞
Vulnerability Description
Northern.tech Mender Enterprise是Northern.tech的一个物联网设备的无线更新管理器。 Northern.tech Mender Enterprise 3.2.2 之前版本存在安全漏洞,该漏洞源于 iot-manager 微服务 1.0.0 允许 SSRF,因为 Azure IoT Hub 集成提供了几个可以通过内部 API 端点执行跨租户操作的 SSRF 原语。
CVSS Information
N/A
Vulnerability Type
N/A