Total: 703 CVEs

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3546 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2019-10-03 | 6.4 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2019-15033 | 1 Pydio | 1 Pydio | 2019-09-20 | 4.0 MEDIUM | 7.7 HIGH |
| Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring. | |||||
| CVE-2019-15728 | 1 Gitlab | 1 Gitlab | 2019-09-18 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server. | |||||
| CVE-2019-15730 | 1 Gitlab | 1 Gitlab | 2019-09-18 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains an SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the local network by the GitLab server. | |||||
| CVE-2019-8451 | 1 Atlassian | 1 Jira | 2019-09-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. | |||||
| CVE-2019-12996 | 1 Mendix | 1 Mendix | 2019-09-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Mendix 7.23.5 and earlier, an issue in XML import mappings allows DOCTYPE declarations in the XML input, which is potentially unsafe. | |||||
| CVE-2019-6793 | 1 Gitlab | 1 Gitlab | 2019-09-10 | 6.8 MEDIUM | 7.0 HIGH |
| An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. | |||||
| CVE-2019-13020 | 1 Trms | 1 Tightrope Media Carousel | 2019-09-06 | 6.4 MEDIUM | 10.0 CRITICAL |
| The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content from a third-party attacker-controlled system. Second, arguably more severe, is the potential for an attacker to circumvent firewall controls, by proxying traffic, unauthenticated, into the internal network from the internet. | |||||
| CVE-2019-15494 | 1 It-novum | 1 Openitcockpit | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. | |||||
| CVE-2016-10927 | 1 Neliosoftware | 1 Nelio Ab Testing | 2019-08-26 | 6.4 MEDIUM | 10.0 CRITICAL |
| The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php. | |||||
| CVE-2016-10926 | 1 Neliosoftware | 1 Nelio Ab Testing | 2019-08-26 | 6.4 MEDIUM | 10.0 CRITICAL |
| The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php. | |||||
| CVE-2019-0345 | 1 Sap | 1 Netweaver Application Server Java | 2019-08-23 | 5.0 MEDIUM | 9.8 CRITICAL |
| A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and tricking the application server into leaking authentication credentials for its own SAP Management console, resulting in Server-Side Request Forgery. | |||||
| CVE-2019-12959 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2019-08-16 | 6.5 MEDIUM | 8.8 HIGH |
| Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. | |||||
| CVE-2019-12994 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2019-08-16 | 6.5 MEDIUM | 9.1 CRITICAL |
| Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. | |||||
| CVE-2019-14704 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2019-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field. | |||||
| CVE-2019-14255 | 1 Go-camo Project | 1 Go-camo | 2019-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints. | |||||
| CVE-2019-7911 | 1 Magento | 1 Magento | 2019-08-09 | 6.5 MEDIUM | 7.2 HIGH |
| A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin panel to manipulate system configuration and execute arbitrary code. | |||||
| CVE-2019-7913 | 1 Magento | 1 Magento | 2019-08-07 | 6.5 MEDIUM | 7.2 HIGH |
| A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code. | |||||
| CVE-2019-7892 | 1 Magento | 1 Magento | 2019-08-07 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery. | |||||
| CVE-2019-7923 | 1 Magento | 1 Magento | 2019-08-07 | 6.5 MEDIUM | 7.2 HIGH |
| A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code. | |||||
| CVE-2019-3905 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2019-07-31 | 7.5 HIGH | 10.0 CRITICAL |
| Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. | |||||
| CVE-2018-1042 | 1 Moodle | 1 Moodle | 2019-07-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Moodle 3.x has Server Side Request Forgery in the filepicker. | |||||
| CVE-2019-9187 | 1 Ikiwiki | 1 Ikiwiki | 2019-07-17 | 5.0 MEDIUM | 7.5 HIGH |
| ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs. | |||||
| CVE-2018-19495 | 1 Gitlab | 1 Gitlab | 2019-07-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration. | |||||
| CVE-2019-9827 | 1 Hawt | 1 Hawtio | 2019-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI. | |||||
| CVE-2019-12852 | 1 Jetbrains | 1 Youtrack | 2019-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168. | |||||
| CVE-2018-14728 | 1 Tecrail | 1 Responsive Filemanager | 2019-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter. | |||||
| CVE-2019-12153 | 1 Realobjects | 1 Pdfreactor | 2019-06-17 | 6.4 MEDIUM | 10.0 CRITICAL |
| Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content. | |||||
| CVE-2018-17198 | 1 Apache | 1 Roller | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions. Roller relies on the Java SAX Parser to implement its XML-RPC interface, and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to an SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if the Roller XML-RPC interface is disabled via the Roller web admin UI. Mitigation: there are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2; 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown: `<!-- <servlet-mapping> <servlet-name>XmlRpcServlet</servlet-name> <url-pattern>/roller-services/xmlrpc</url-pattern> </servlet-mapping> -->` | |||||
| CVE-2019-9621 | 1 Zimbra | 1 Collaboration Server | 2019-06-06 | 5.0 MEDIUM | 7.5 HIGH |
| Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. | |||||
| CVE-2019-6981 | 1 Synacor | 1 Zimbra Collaboration Suite | 2019-05-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component. | |||||
| CVE-2017-13667 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-28 | 6.5 MEDIUM | 9.9 CRITICAL |
| OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. | |||||
| CVE-2017-5643 | 1 Apache | 1 Camel | 2019-05-24 | 5.8 MEDIUM | 7.4 HIGH |
| Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. | |||||
| CVE-2017-15029 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. | |||||
| CVE-2019-12161 | 1 Webpagetest | 1 Webpagetest | 2019-05-21 | 4.0 MEDIUM | 8.8 HIGH |
| WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168). | |||||
| CVE-2019-6512 | 1 Wso2 | 1 Api Manager | 2019-05-14 | 4.0 MEDIUM | 4.1 MEDIUM |
| An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper. | |||||
| CVE-2019-6516 | 1 Wso2 | 1 Dashboard Server | 2019-05-14 | 5.0 MEDIUM | 5.8 MEDIUM |
| An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-scanning), aka SSRF. | |||||
| CVE-2019-11066 | 1 Lightopenid Project | 1 Lightopenid | 2019-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method. | |||||
| CVE-2019-7652 | 1 Thehive-project | 1 Cortex-analyzers | 2019-05-13 | 4.0 MEDIUM | 7.7 HIGH |
| TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be seen in the main dashboard. Thus, it is possible to do port scans on localhost and intranet hosts. | |||||
| CVE-2017-9506 | 1 Atlassian | 1 Oauth | 2019-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). | |||||
| CVE-2019-11767 | 1 Phpbb | 1 Phpbb | 2019-05-06 | 5.0 MEDIUM | 5.8 MEDIUM |
| Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function. | |||||
| CVE-2019-11565 | 1 Print My Blog Project | 1 Print My Blog | 2019-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter. | |||||
| CVE-2014-3990 | 1 Opencart | 1 Opencart | 2019-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request. | |||||
| CVE-2019-9174 | 1 Gitlab | 1 Gitlab | 2019-04-17 | 7.5 HIGH | 10.0 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF. | |||||
| CVE-2017-16870 | 1 Updraftplus | 1 Updraftplus | 2019-04-16 | 6.8 MEDIUM | 8.1 HIGH |
| ** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary. | |||||
| CVE-2019-10686 | 1 Ctrip | 1 Apollo | 2019-04-04 | 7.5 HIGH | 10.0 CRITICAL |
| An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled. | |||||
| CVE-2018-13103 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-03-27 | 5.5 MEDIUM | 5.4 MEDIUM |
| OX App Suite 7.8.4 and earlier allows SSRF. | |||||
| CVE-2017-1000017 | 1 Phpmyadmin | 1 Phpmyadmin | 2019-03-25 | 6.5 MEDIUM | 8.8 HIGH |
| phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server. | |||||
| CVE-2019-6970 | 1 Moodle | 1 Moodle | 2019-03-22 | 6.0 MEDIUM | 7.5 HIGH |
| Moodle 3.5.x before 3.5.4 allows SSRF. | |||||
| CVE-2017-9066 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-15 | 5.0 MEDIUM | 8.6 HIGH |
| In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. | |||||
