low

Oracle Apiary SSRF

Published Tue, Feb 8th, 2022
Platforms

Summary

By misusing the Apiary web service and taking advantage of Apiary's use of IMDSv1, a remote attacker is able to retrieve sensitive information from various endpoints and use it to gain more access and sensitive data of other hosts in the same environment.

Affected Services

Apiary

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Tue, Feb 8th, 2022
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Discovered by
Lidor Ben Shitrit, Orca Security