The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restriced endpoints.
Acknowledgments: Name: Tomas Rzepka
This issue has been addressed in the following products: Red Hat Mobile Application Platform 4.5 Via RHSA-2017:2675 https://access.redhat.com/errata/RHSA-2017:2675
This issue has been addressed in the following products: Red Hat Mobile Application Platform 4.5 Via RHSA-2017:2674 https://access.redhat.com/errata/RHSA-2017:2674