CVE-2022-29556
Description
The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The iot-manager microservice in Mender Enterprise before 3.2.2 allows SSRF via Azure IoT Hub integration, enabling cross-tenant actions.
Vulnerability
The iot-manager microservice (version 1.0.0) in Mender Enterprise before 3.2.2 contains a server-side request forgery (SSRF) vulnerability due to the Azure IoT Hub integration exposing several SSRF primitives. Affected versions include 3.2.0 and 3.2.1 of the Mender product line [2].
Exploitation
An attacker can exploit this vulnerability by crafting requests to internal API endpoints, leveraging the Azure IoT Hub integration to perform SSRF. The SSRF primitives allow executing cross-tenant actions without requiring authentication [2].
Impact
Successful exploitation allows the attacker to execute cross-tenant actions, potentially gaining access to internal resources or performing unauthorized operations across Azure tenants [2].
Mitigation
The vulnerability is fixed in Mender Enterprise version 3.2.2, released on April 28, 2022 [2]. Users should upgrade to version 3.2.2 or later. No workarounds have been disclosed [2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Northern.tech/Mender Enterprise
- Range: = 1.0.0
- Range: <3.2.2
Patches
No patches discovered yet.
References
- mender.io/blog/cve-2022-29555-and-cve-2022-29556-vulnerabilities-in-iot-manager-and-deviceconnect (mitre, x_refsource_MISC)
- northern.tech (mitre, x_refsource_MISC)