B&R APROL
cpe:2.3:a:br-automation:industrial_automation_aprol:*:*:*:*:*:*:*
- < 4.4-01
- >= 4.4-00P1, <= 4.4-00P5
A server-side request forgery (SSRF) vulnerability has been identified in the APROL Web Portal in B&R APROL versions prior to 4.4-00P5. It allows an authenticated network-based attacker to force the web server to request arbitrary URLs.
Successful exploitation allows the attacker to make unauthorized requests that originate from the server.
Users are advised to upgrade to B&R APROL version 4.4-01 or version 4.4-00P5 or later. After applying the update, it is recommended to change all passwords and secrets, as some vulnerabilities may have compromised credential confidentiality.