Total
1167 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-22002 | 1 Inim | 12 Smartliving 10100l, Smartliving 10100l Firmware, Smartliving 10100lg3 and 9 more | 2021-05-05 | 5.0 MEDIUM | 7.5 HIGH |
| An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. | |||||
| CVE-2020-15152 | 1 Ftp-srv Project | 1 Ftp-srv | 2021-05-05 | 5.0 MEDIUM | 9.1 CRITICAL |
| ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a connection elsewhere. A possible workaround is blocking the PORT through the configuration. This issue is fixed in version2 2.19.6, 3.1.2, and 4.3.4. More information can be found on the linked advisory. | |||||
| CVE-2020-35313 | 1 Wondercms | 1 Wondercms | 2021-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer. | |||||
| CVE-2021-29431 | 1 Matrix | 1 Sydent | 2021-04-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform an internal port enumeration. This issue has been addressed in in 9e57334, 8936925, 3d531ed, 0f00412. A potential workaround would be to use a firewall to ensure that Sydent cannot reach internal HTTP resources. | |||||
| CVE-2021-29357 | 1 Outsystems | 3 Lifetime Management Console, Outsystems, Platform Server | 2021-04-21 | 5.0 MEDIUM | 8.6 HIGH |
| The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests. | |||||
| CVE-2021-28060 | 1 Group-office | 1 Group Office | 2021-04-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php. | |||||
| CVE-2020-24139 | 1 Wcms | 1 Wcms | 2021-04-13 | 7.5 HIGH | 8.3 HIGH |
| Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services. | |||||
| CVE-2020-24140 | 1 Wcms | 1 Wcms | 2021-04-13 | 7.5 HIGH | 8.3 HIGH |
| Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services. | |||||
| CVE-2021-20480 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2021-04-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502. | |||||
| CVE-2021-28941 | 1 Magpierss Project | 1 Magpierss | 2021-04-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request any internal page if you use a https request. | |||||
| CVE-2020-19613 | 1 Flycms Project | 1 Flycms | 2021-04-06 | 5.0 MEDIUM | 7.5 HIGH |
| Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. | |||||
| CVE-2021-1627 | 1 Salesforce | 1 Mule | 2021-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x,3.9.x,4.x runtime released before February 2, 2021. | |||||
| CVE-2021-26715 | 1 Mitreid | 1 Connect | 2021-03-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP request from the vulnerable server to any address in the internal network and obtain its response (which might, for example, have a JavaScript payload for resultant XSS). The issue can be exploited to bypass network boundaries, obtain sensitive data, or attack other hosts in the internal network. | |||||
| CVE-2020-15809 | 1 Spinetix | 11 Diva, Diva Firmware, Dsos and 8 more | 2021-03-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd. | |||||
| CVE-2021-22179 | 1 Gitlab | 1 Gitlab | 2021-03-26 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to a SSRF attack through the Outbound Requests feature. | |||||
| CVE-2021-22178 | 1 Gitlab | 1 Gitlab | 2021-03-26 | 4.0 MEDIUM | 5.0 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration. | |||||
| CVE-2020-4882 | 1 Ibm | 1 Planning Analytics | 2021-03-24 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852. | |||||
| CVE-2020-5014 | 1 Ibm | 1 Datapower Gateway | 2021-03-16 | 4.6 MEDIUM | 6.7 MEDIUM |
| IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247. | |||||
| CVE-2020-12529 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2021-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports. | |||||
| CVE-2021-23345 | 1 Thecodingmachine | 1 Gotenberg | 2021-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src='file:///etc/passwd'>. | |||||