Total
1167 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8544 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| OX App Suite through 7.10.3 allows SSRF. | |||||
| CVE-2020-4101 | 1 Hcltech | 1 Hcl Digital Experience | 2020-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| "HCL Digital Experience is susceptible to Server Side Request Forgery." | |||||
| CVE-2020-9643 | 1 Adobe | 1 Experience Manager | 2020-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2020-9645 | 1 Adobe | 1 Experience Manager | 2020-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2020-4529 | 1 Ibm | 1 Maximo Asset Management | 2020-06-09 | 6.5 MEDIUM | 7.4 HIGH |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713. | |||||
| CVE-2014-8943 | 1 Piwigo | 1 Lexiglot | 2020-06-02 | 6.5 MEDIUM | 8.8 HIGH |
| Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter. | |||||
| CVE-2020-13226 | 1 Wso2 | 1 Api Manager | 2020-05-21 | 7.5 HIGH | 9.8 CRITICAL |
| WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet. | |||||
| CVE-2020-4365 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2020-05-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. | |||||
| CVE-2020-5562 | 1 Cybozu | 1 Garoon | 2020-05-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function. | |||||
| CVE-2020-10980 | 1 Gitlab | 1 Gitlab | 2020-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. | |||||
| CVE-2020-11452 | 1 Microstrategy | 1 Microstrategy Web | 2020-04-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper. | |||||
| CVE-2020-10956 | 1 Gitlab | 1 Gitlab | 2020-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. | |||||
| CVE-2017-17697 | 1 Linuxfoundation | 1 Harbor | 2020-04-01 | 5.0 MEDIUM | 8.6 HIGH |
| The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | |||||
| CVE-2020-3769 | 1 Adobe | 1 Experience Manager | 2020-03-27 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2020-10791 | 1 It-novum | 1 Openitcockpit | 2020-03-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module. | |||||
| CVE-2020-8134 | 1 Ghost | 1 Ghost | 2020-03-26 | 5.5 MEDIUM | 8.1 HIGH |
| Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems. | |||||
| CVE-2020-8138 | 1 Nextcloud | 1 Nextcloud Server | 2020-03-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | |||||
| CVE-2019-11574 | 1 Simplemachines | 1 Simple Machine Forum | 2020-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls. | |||||
| CVE-2020-8135 | 1 Uppy | 1 Uppy | 2020-03-24 | 7.5 HIGH | 9.8 CRITICAL |
| The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems. | |||||
| CVE-2020-10077 | 1 Gitlab | 1 Gitlab | 2020-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. | |||||