CVE-2021-40091: 
SquaredUp vulnerability analysis and mitigation

An SSRF (Server-Side Request Forgery) vulnerability was discovered in SquaredUp for SCOM version 5.2.1.6654. The vulnerability was identified and disclosed on December 6, 2021, affecting the SquaredUp SCOM, Azure, and Community Editions prior to version 5.3.1 (CISA Bulletin, SquaredUp Support).

The vulnerability was assigned a CVSS score of 7.5, indicating a high severity level. The issue was identified as a Server-Side Request Forgery (SSRF) vulnerability, which could allow attackers to make unauthorized server-side requests through the affected application (NVD).

SSRF vulnerabilities can allow attackers to make unauthorized requests from the vulnerable server to internal or external systems. This could potentially lead to unauthorized access to internal resources, data exposure, and circumvention of network security controls (SquaredUp Support).

The vulnerability was patched in SquaredUp version 5.3.1. Users of affected versions (SCOM Edition, Azure Edition, and Community Edition versions earlier than 5.3.1) are advised to upgrade to version 5.3.1 or later to address this security issue (SquaredUp Support).