CVE-2021-33581

7.2 HIGH

📋 TL;DR

CVE-2021-33581 is a Server-Side Request Forgery (SSRF) vulnerability in MashZone NextGen that allows attackers to interact with arbitrary TCP services by abusing the PPM connection availability check feature. This affects MashZone NextGen users through version 10.7 GA, potentially enabling attackers to probe internal networks or interact with internal services.

💻 Affected Systems

Products:
  • Software AG MashZone NextGen
Versions: Through 10.7 GA
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService component

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could use the SSRF to interact with internal services, potentially leading to data exfiltration, internal network reconnaissance, or chaining with other vulnerabilities to achieve remote code execution.

🟠 Likely Case

Attackers would use this to scan internal networks, interact with internal APIs or services, and potentially access sensitive information from internal systems.

🟢 If Mitigated

With proper network segmentation and access controls, the impact would be limited to the specific network segments accessible from the MashZone server.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the vulnerable web service endpoint, which may require authentication depending on configuration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 10.7 GA

Vendor Advisory: https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default

Restart Required: Yes

Instructions:

1. Upgrade MashZone NextGen to a version after 10.7 GA.
2. Apply any available security patches from Software AG.
3. Restart the MashZone services.

🔧 Temporary Workarounds

Network Access Control

Restrict network access to the MashZone server to prevent external exploitation.

Authentication Enforcement

Ensure the ZPrestoAdminWebService endpoint requires strong authentication.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit what the MashZone server can access internally
  • Deploy a web application firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check whether the MashZone NextGen version is 10.7 GA or earlier by examining the application version in the admin interface or configuration files.

Check Version:

Check application logs or admin console for version information

Verify Fix Applied:

Verify the MashZone NextGen version is after 10.7 GA and test the ZPrestoAdminWebService endpoint for SSRF behavior

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound connections from MashZone server to internal services
  • Multiple failed connection attempts to various internal IPs/ports

Network Indicators:

  • Unexpected TCP connections originating from MashZone server to internal network segments

SIEM Query:

source_ip=MASHZONE_SERVER_IP AND (dest_port=22 OR dest_port=80 OR dest_port=443 OR dest_port=3389) AND NOT dest_ip in ALLOWED_DESTINATIONS
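As an added illustration of the detection logic above (not part of this advisory), the following Python script applies the SIEM query and the "multiple failed connection attempts" log indicator to constructed connection-log lines. The MashZone server IP, the allowed destination, the log line format and the failed-attempt threshold are assumptions chosen for the example.

```python
import re

# Assumed values: adjust to your environment.
MASHZONE_SERVER_IP = "10.0.5.20"       # assumed address of the MashZone host
ALLOWED_DESTINATIONS = {"10.0.5.30"}   # assumed legitimate PPM backend
SENSITIVE_PORTS = {22, 80, 443, 3389}  # ports named in the SIEM query
FAILED_ATTEMPT_THRESHOLD = 3           # assumed threshold for the fan-out indicator

# Constructed sample lines in a simple syslog-like connection-log format.
SAMPLE_LOG = """\
2021-06-01T10:00:01 conn src=10.0.5.20 dst=10.0.5.30 dport=443 status=ok
2021-06-01T10:00:05 conn src=10.0.5.20 dst=10.0.1.7 dport=22 status=refused
2021-06-01T10:00:06 conn src=10.0.5.20 dst=10.0.1.8 dport=22 status=refused
2021-06-01T10:00:07 conn src=10.0.5.20 dst=10.0.1.9 dport=3389 status=timeout
2021-06-01T10:00:09 conn src=10.0.5.20 dst=10.0.1.10 dport=8080 status=ok
2021-06-01T10:00:11 conn src=10.0.9.2 dst=10.0.1.7 dport=22 status=refused
"""

LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) status=(?P<status>\S+)"
)


def parse(log_text):
    """Yield one dict per parseable connection-log line; unparseable lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield {"src": m["src"], "dst": m["dst"],
                   "dport": int(m["dport"]), "status": m["status"]}


def siem_matches(events):
    """Events matching the advisory's query: MashZone source, sensitive port, non-allowlisted destination."""
    return [e for e in events
            if e["src"] == MASHZONE_SERVER_IP
            and e["dport"] in SENSITIVE_PORTS
            and e["dst"] not in ALLOWED_DESTINATIONS]


def failed_fanout(events):
    """Number of distinct (destination, port) pairs the MashZone host failed to reach."""
    failed = {(e["dst"], e["dport"]) for e in events
              if e["src"] == MASHZONE_SERVER_IP and e["status"] != "ok"}
    return len(failed)


def analyse(log_text):
    """Combine both indicators into one result; 'alert' is true if either fires."""
    events = list(parse(log_text))
    hits = [(h["dst"], h["dport"]) for h in siem_matches(events)]
    fanout = failed_fanout(events)
    return {"siem_hits": hits, "failed_fanout": fanout,
            "alert": bool(hits) or fanout >= FAILED_ATTEMPT_THRESHOLD}
```

The allowlisted PPM backend connection and the connection from a different source host are not flagged, while the sweep across internal hosts on ports 22 and 3389 trips both indicators.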
