Total: 703 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35850 | 1 Cockpit-project | 1 Cockpit | 2021-01-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think [it] is a big real-life issue." | |||||
| CVE-2020-35712 | 3 Esri, Linux, Microsoft | 3 Arcgis Server, Linux Kernel, Windows | 2020-12-30 | 9.3 HIGH | 9.8 CRITICAL |
| Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations. | |||||
| CVE-2020-26032 | 1 Zammad | 1 Zammad | 2020-12-29 | 5.0 MEDIUM | 7.5 HIGH |
| An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems. | |||||
| CVE-2018-19571 | 1 Gitlab | 1 Gitlab | 2020-12-24 | 4.0 MEDIUM | 7.7 HIGH |
| GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. | |||||
| CVE-2020-8464 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-12-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access. | |||||
| CVE-2019-14476 | 1 Adremsoft | 1 Netcrunch | 2020-12-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server into performing SMB requests to other systems. | |||||
| CVE-2020-17513 | 1 Apache | 1 Airflow | 2020-12-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. | |||||
| CVE-2020-24444 | 1 Adobe | 1 Experience Manager Forms Add-on | 2020-12-14 | 5.0 MEDIUM | 5.8 MEDIUM |
| AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network. | |||||
| CVE-2017-3164 | 1 Apache | 1 Solr | 2020-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. | |||||
| CVE-2020-28360 | 1 Private-ip Project | 1 Private-ip | 2020-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| An insufficient RegEx in the private-ip npm package v1.0.5 and below fails to filter reserved IP ranges, resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote attackers to request server-side resources or potentially execute arbitrary code through various SSRF techniques. | |||||
| CVE-2018-10511 | 1 Trendmicro | 1 Control Manager | 2020-12-08 | 6.4 MEDIUM | 10.0 CRITICAL |
| A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. | |||||
| CVE-2020-24815 | 1 Microstrategy | 1 Microstrategy | 2020-12-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: for 10.4, no fix will be released, as that version will reach end-of-life on 31/12/2020. | |||||
| CVE-2020-24063 | 1 Canto | 1 Canto | 2020-12-01 | 5.0 MEDIUM | 7.2 HIGH |
| The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. | |||||
| CVE-2020-15297 | 1 Bitdefender | 1 Update Server | 2020-11-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294. | |||||
| CVE-2020-27018 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2020-11-24 | 2.1 LOW | 5.5 MEDIUM |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this vulnerability. | |||||
| CVE-2020-26815 | 1 Sap | 1 Fiori Launchpad (News Tile Application) | 2020-11-24 | 5.0 MEDIUM | 8.6 HIGH |
| SAP Fiori Launchpad (News Tile Application), versions 750, 751, 752, 753, 754, 755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network to retrieve sensitive / confidential resources which are otherwise restricted for internal usage only, resulting in a Server-Side Request Forgery vulnerability. | |||||
| CVE-2020-27624 | 1 Jetbrains | 1 Youtrack | 2020-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. | |||||
| CVE-2020-27626 | 1 Jetbrains | 1 Youtrack | 2020-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. | |||||
| CVE-2020-28043 | 1 Misp | 1 Misp | 2020-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. | |||||
| CVE-2020-15772 | 1 Gradle | 1 Enterprise | 2020-11-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an administrator. The server side processing of this file dereferences XML External Entities (XXE), allowing a remote attacker with administrative access to perform server side request forgery. | |||||
| CVE-2020-24710 | 1 Getgophish | 1 Gophish | 2020-10-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Gophish before 0.11.0 allows SSRF attacks. | |||||
| CVE-2020-25820 | 1 Bigbluebutton | 1 Bigbluebutton | 2020-10-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field. | |||||
| CVE-2020-7126 | 1 Arubanetworks | 1 Airwave Glass | 2020-10-27 | 5.0 MEDIUM | 5.8 MEDIUM |
| A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||||
| CVE-2020-27197 | 2 Eclecticiq, Libtaxii Project | 2 Opentaxii, Libtaxii | 2020-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library" and that this may be an issue to "raise ... to the lxml group." | |||||
| CVE-2020-25466 | 1 Crmeb | 1 Crmeb | 2020-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| An SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files onto the server and remotely execute arbitrary code. | |||||
| CVE-2020-15002 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-10-26 | 4.0 MEDIUM | 5.0 MEDIUM |
| OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API. | |||||
| CVE-2020-26948 | 1 Msf Emby Project | 1 Msf Emby | 2020-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. | |||||
| CVE-2020-7739 | 1 Phantomjs-seo Project | 1 Phantomjs-seo | 2020-10-22 | 6.4 MEDIUM | 8.2 HIGH |
| This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a URL that will be passed to a PhantomJS instance, allowing for an SSRF attack. | |||||
| CVE-2020-15822 | 1 Jetbrains | 1 Youtrack | 2020-10-22 | 7.5 HIGH | 7.3 HIGH |
| In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. | |||||
| CVE-2020-6308 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-10-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Services) versions 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, an attacker can scan the internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass the firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability. | |||||
| CVE-2020-7740 | 1 Node-pdf-generator Project | 1 Node-pdf-generator | 2020-10-19 | 6.4 MEDIUM | 8.2 HIGH |
| This affects all versions of package node-pdf-generator. Due to a lack of validation and sanitization of the user-supplied content given to node-pdf-generator, it is possible for an attacker to craft a URL that will be passed to an external server, allowing an SSRF attack. | |||||
| CVE-2019-7616 | 1 Elastic | 1 Kibana | 2020-10-19 | 4.0 MEDIUM | 4.9 MEDIUM |
| Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system. | |||||
| CVE-2019-12632 | 1 Cisco | 1 Finesse | 2020-10-08 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to access the system and perform unauthorized actions. | |||||
| CVE-2019-12633 | 1 Cisco | 1 Unified Contact Center Express | 2020-10-08 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the affected system. An attacker could exploit this vulnerability by sending the user of the web application a crafted request. If the request is processed, the attacker could access the system and perform unauthorized actions. | |||||
| CVE-2017-12905 | 1 Vebto | 1 Pixie - Image Editor | 2020-10-02 | 7.5 HIGH | 10.0 CRITICAL |
| Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php. | |||||
| CVE-2020-5784 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2020-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary URLs. | |||||
| CVE-2020-16171 | 1 Acronis | 1 Cyber Backup | 2020-10-01 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572. | |||||
| CVE-2020-14023 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2020-09-26 | 4.0 MEDIUM | 4.9 MEDIUM |
| Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS. | |||||
| CVE-2020-13309 | 1 Gitlab | 1 Gitlab | 2020-09-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature. | |||||
| CVE-2019-17670 | 1 Wordpress | 1 Wordpress | 2020-09-11 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. | |||||
| CVE-2020-4632 | 1 Ibm | 1 Infosphere Metadata Asset Manager | 2020-09-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416. | |||||
| CVE-2020-12644 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-09-09 | 4.0 MEDIUM | 5.0 MEDIUM |
| OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. | |||||
| CVE-2020-24898 | 1 Stiltsoft | 1 Table Filter And Charts For Confluence Server | 2020-09-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter). | |||||
| CVE-2020-24548 | 1 Ericom | 1 Access Server | 2020-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports. | |||||
| CVE-2020-9298 | 1 Spinnaker | 1 Orca | 2020-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure. | |||||
| CVE-2018-14721 | 4 Debian, Fasterxml, Oracle and 1 more | 12 Debian Linux, Jackson-databind, Banking Platform and 9 more | 2020-08-31 | 7.5 HIGH | 10.0 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. | |||||
| CVE-2020-5775 | 1 Instructure | 1 Canvas Learning Management Service | 2020-08-26 | 5.0 MEDIUM | 5.8 MEDIUM |
| Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. | |||||
| CVE-2020-17386 | 1 Cellopoint | 1 Cellos | 2020-08-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate the URL input. With the cookie of an authenticated user, attackers can tamper with the URL parameter and access arbitrary files on the system. | |||||
| CVE-2019-15731 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so. | |||||
| CVE-2019-4203 | 1 Ibm | 1 Api Connect | 2020-08-24 | 9.0 HIGH | 9.8 CRITICAL |
| IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124. | |||||
