The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise prior to 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
northern.tech mender 3.2.1 |
||
northern.tech mender 3.2.0 |