CVE-2021-45968

7.5 HIGH

📋 TL;DR

This vulnerability allows Server-Side Request Forgery (SSRF) attacks against the XMPP Server component in Pascom Cloud Phone System and other JIve platform products. Attackers can make the vulnerable server send unauthorized requests to internal systems, potentially accessing sensitive data or services. Organizations using Pascom Cloud Phone System before version 7.20.x or other affected JIve platform products are at risk.

💻 Affected Systems

Products:
  • Pascom Cloud Phone System
  • JIve platform XMPP Server
Versions: Pascom Cloud Phone System before 7.20.x
Operating Systems: All platforms running Tomcat with vulnerable xmppserver jar
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the backend Tomcat server endpoint in Pascom deployments. Other JIve platform products using the same xmppserver component may also be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full internal network compromise through SSRF chaining with other vulnerabilities, allowing attackers to access internal services, exfiltrate sensitive data, or pivot to other systems.

🟠 Likely Case: Unauthorized access to internal HTTP services, metadata services, or cloud instance metadata, potentially leading to credential theft or internal reconnaissance.

🟢 If Mitigated: Limited impact due to network segmentation, egress filtering, and proper authentication controls on internal services.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF vulnerabilities are commonly exploited and this appears to be related to CVE-2019-18394. Public research and blog posts demonstrate exploitation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Pascom Cloud Phone System 7.20.x or later

Vendor Advisory: https://www.pascom.net/doc/en/release-notes/

Restart Required: Yes

Instructions:

1. Upgrade Pascom Cloud Phone System to version 7.20.x or later.
2. For JIve platform products, check with the vendor for an updated xmppserver jar.
3. Restart the Tomcat service after patching.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict outbound network access from the vulnerable server to only the internal services it needs.

Tomcat URL Filtering (applies to: all)

Implement request filtering in Tomcat to block SSRF attempts by adding URL filtering rules to Tomcat's web.xml configuration.

🧯 If You Can't Patch

  • Implement strict network egress filtering to prevent the vulnerable server from accessing internal services
  • Deploy a web application firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check Pascom version via admin interface or check for vulnerable xmppserver jar in Tomcat deployments

Check Version:

Check Pascom admin dashboard or consult vendor documentation for version verification

Verify Fix Applied:

Verify Pascom version is 7.20.x or later and test SSRF endpoints are no longer accessible

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from Tomcat server
  • Requests to internal IP addresses or metadata services
  • 429 or 5xx errors from internal services

Network Indicators:

  • HTTP traffic from Tomcat server to unexpected internal destinations
  • Requests to cloud metadata endpoints (169.254.169.254, etc.)

SIEM Query (pseudo-syntax; replace PRIVATE_IP_RANGE with the deployment's RFC 1918 ranges):

source="tomcat" AND (dest_ip=PRIVATE_IP_RANGE OR dest_ip=169.254.169.254) AND http_method=GET
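The log and network indicators above, turned into a small detector that runs over egress-proxy log lines. This is an added example, not code from the page's source or from Pascom: the key=value log format, the field names, the Tomcat host address 10.0.1.5 and the sample lines are all constructed assumptions. It flags outbound HTTP requests from the Tomcat host to the cloud metadata endpoint, RFC 1918 ranges, loopback or link-local addresses, and appends the upstream status when an internal service answered with a 4xx/5xx error (the page's "429 or 5xx" indicator).

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample egress log (assumed format, not from any real deployment):
# one line per outbound HTTP request seen in front of the Tomcat host 10.0.1.5.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z src=10.0.1.5 dst=203.0.113.10 method=GET status=200
2024-03-01T10:00:02Z src=10.0.1.5 dst=169.254.169.254 method=GET status=200
2024-03-01T10:00:03Z src=10.0.1.5 dst=10.0.2.20 method=GET status=401
2024-03-01T10:00:04Z src=10.0.1.5 dst=172.16.5.9 method=GET status=503
2024-03-01T10:00:05Z src=10.0.3.7 dst=10.0.2.20 method=GET status=200
2024-03-01T10:00:06Z src=10.0.1.5 dst=198.51.100.4 method=POST status=200
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"method=(?P<method>\S+) status=(?P<status>\d+)$"
)

# Cloud instance metadata endpoint named on the page.
METADATA_ENDPOINT = ipaddress.ip_address("169.254.169.254")

# Explicit RFC 1918 ranges (not ipaddress.is_private, which also covers
# documentation ranges such as 203.0.113.0/24 and would over-alert).
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    method: str
    status: int
    reason: str


def classify_destination(dst: str) -> Optional[str]:
    """Return why a destination is suspicious as an SSRF target, or None."""
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        return None  # hostnames are out of scope for this IP-based check
    if ip == METADATA_ENDPOINT:
        return "cloud metadata endpoint"
    if any(ip in net for net in RFC1918):
        return "RFC 1918 private range"
    if ip.is_loopback:
        return "loopback address"
    if ip.is_link_local:
        return "link-local range"
    return None


def find_ssrf_indicators(log_text: str, tomcat_hosts: Set[str]) -> List[Alert]:
    """Flag outbound requests from the Tomcat host(s) to internal destinations."""
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the pipeline
        if m["src"] not in tomcat_hosts:
            continue  # only the vulnerable server's egress is of interest
        reason = classify_destination(m["dst"])
        if reason is None:
            continue
        status = int(m["status"])
        if status >= 400:
            # An internal service rejecting or failing the request is itself
            # an indicator (the page lists 429 / 5xx errors).
            reason += f"; upstream returned {status}"
        alerts.append(Alert(m["ts"], m["src"], m["dst"], m["method"], status, reason))
    return alerts


if __name__ == "__main__":
    for a in find_ssrf_indicators(SAMPLE_LOG, {"10.0.1.5"}):
        print(f"{a.ts} {a.src} -> {a.dst} ({a.method} {a.status}): {a.reason}")
```

Run against the sample, the detector reports three of the seven lines: the metadata request and the two RFC 1918 destinations (with their 401 and 503 statuses), while the public destinations and the request from a different source host are ignored. Swap the Tomcat host set and the regular expression for the real proxy or firewall format in use.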
