Foxit PDF Services API
A Server-Side Request Forgery (SSRF) vulnerability in Foxit PDF Services API allows low-privileged remote attackers to force the server to make HTTP requests to arbitrary destinations, including internal network services and cloud metadata endpoints. The issue has a CVSS score of 8.5 with changed scope (S:C): authenticated attackers can use it to probe internal infrastructure, access restricted resources such as the AWS/Azure metadata services (169.254.169.254), and exfiltrate sensitive information, including credentials and configuration data. No public exploit was identified at the time of analysis, though SSRF exploitation techniques are well documented and the low attack complexity (AC:L) makes this readily exploitable once an attacker obtains valid credentials.