CTERA Portal Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability exists in CTERA Portal versions 8.1.x (8.1.1417.24). This vulnerability allows remote attackers to manipulate the server into making arbitrary HTTP requests. Exploitation involves uploading an HTML file with a crafted iframe that, when previewed, triggers the server to send requests to specified locations. These requests could potentially reach internal APIs, backend storage servers, or external sites, and the server's response is displayed in the file preview.
Impact
Exploitation of this vulnerability could lead to unauthorized access to internal APIs and backend storage servers, allowing for information disclosure and bypassing server-side controls.
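A defensive check for the upload-and-preview path described above, as an added example (not CTERA's code): it parses an uploaded HTML file and reports frame-like elements whose URL a server-side preview renderer would fetch. The names `scan_upload` and `classify_target`, the tag list, the internal-name suffixes and the sample upload are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Elements whose attribute makes a renderer fetch a URL (assumed, non-exhaustive).
FETCHING_ATTRS = {"iframe": "src", "frame": "src", "embed": "src", "object": "data"}
INTERNAL_SUFFIXES = (".internal", ".local", ".localhost")  # assumed naming scheme
# Constructed sample upload, not taken from the advisory.
SAMPLE_UPLOAD = ('<iframe src="http://127.0.0.1:8080/admin"></iframe><iframe src="notes.html"></iframe>'
                 '<iframe src="https://example.com/page"></iframe><IFRAME SRC="//storage.internal/bucket"></IFRAME>')


class FrameCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.targets = []  # (tag, url) pairs, in document order

    def handle_starttag(self, tag, attrs):
        wanted = FETCHING_ATTRS.get(tag)  # HTMLParser lowercases tag and attribute names
        for name, value in attrs:
            if wanted and name == wanted and value:
                self.targets.append((tag, value.strip()))


def classify_target(url):
    """Return 'relative', 'internal', 'external' or 'other-scheme' for a frame URL."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "internal"  # unparseable authority: treat as hostile
    if not parts.scheme and not parts.netloc:
        return "relative"
    if parts.scheme not in ("", "http", "https"):
        return "other-scheme"
    host = (parts.hostname or "").lower()
    try:
        ip = ipaddress.ip_address(host)
        internal = ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified
    except ValueError:  # a hostname, not an IP literal
        internal = "." not in host or host.endswith(INTERNAL_SUFFIXES)
    return "internal" if internal else "external"


def scan_upload(html_text):
    """Return (tag, url, class) for every frame-like element that is not a relative link."""
    collector = FrameCollector()
    collector.feed(html_text)
    collector.close()
    return [(t, u, c) for t, u in collector.targets if (c := classify_target(u)) != "relative"]
```

A target classified as external can still resolve to an internal address, so a preview service is safer refusing to fetch any non-relative frame target than relying on the classification alone.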
