Total
1343 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30049 | 1 Ruifang-tech | 1 Rebuild | 2022-10-29 | 5.0 MEDIUM | 7.5 HIGH |
| A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter. | |||||
| CVE-2022-39055 | 1 Changingtec | 1 Rava Certificate Validation System | 2022-10-20 | N/A | 5.3 MEDIUM |
| RAVA certificate validation system has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform SSRF attack to discover internal network topology base on query response. | |||||
| CVE-2022-29612 | 1 Sap | 2 Host Agent, Netweaver Abap | 2022-10-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application. | |||||
| CVE-2020-6275 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 6.8 MEDIUM | 9.8 CRITICAL |
| SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database. | |||||
| CVE-2020-15772 | 1 Gradle | 1 Enterprise | 2022-09-30 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an administrator. The server side processing of this file dereferences XML External Entities (XXE), allowing a remote attacker with administrative access to perform server side request forgery. | |||||
| CVE-2022-23464 | 1 Nepxion | 1 Discovery | 2022-09-28 | N/A | 7.5 HIGH |
| Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds. | |||||
| CVE-2022-39239 | 1 Nuxtjs | 1 Netlify-ipx | 2022-09-27 | N/A | 5.4 MEDIUM |
| netlify-ipx is an on-Demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this image will then be served to visitors without requiring those headers to be set. XSS can be achieved by requesting a malicious SVG with embedded scripts, which would then be served from the site domain. Note that this does not apply to images loaded in `<img>` tags, as scripts do not execute in this context. The image URL can be set in the header independently of the request URL, meaning any site images that have not previously been cached can have their cache poisoned. This problem has been fixed in version 1.2.3. As a workaround, cached content can be cleared by re-deploying the site. | |||||
| CVE-2022-39211 | 1 Nextcloud | 2 Nextcloud Enterprise Server, Nextcloud Server | 2022-09-21 | N/A | 5.3 MEDIUM |
| Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue. | |||||
| CVE-2022-36112 | 1 Glpi-project | 1 Glpi | 2022-09-19 | N/A | 5.8 MEDIUM |
| GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or extenal calendar in planning is subject to SSRF exploit. Server-side requests can be used to scan server port or services opened on GLPI server or its private network. Queries responses are not exposed to end-user (blind SSRF). Users are advised to upgrade to version 10.0.3 to resolve this issue. There are no known workarounds. | |||||
| CVE-2022-2900 | 1 Parse-url Project | 1 Parse-url | 2022-09-16 | N/A | 9.1 CRITICAL |
| Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0. | |||||
| CVE-2022-38298 | 1 Appsmith | 1 Appsmith | 2022-09-15 | N/A | 8.8 HIGH |
| Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint. | |||||
| CVE-2022-38292 | 1 Slims | 1 Senayan Library Management System | 2022-09-15 | N/A | 9.8 CRITICAL |
| SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. | |||||
| CVE-2022-32457 | 1 Digiwin | 1 Business Process Management | 2022-09-14 | N/A | 5.3 MEDIUM |
| Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response. | |||||
| CVE-2022-40305 | 1 Canto | 1 Canto | 2022-09-10 | N/A | 9.8 CRITICAL |
| A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form. | |||||
| CVE-2022-36663 | 1 Gluu | 1 Oxauth | 2022-09-09 | N/A | 9.8 CRITICAL |
| Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter. | |||||
| CVE-2022-31196 | 1 Databasir | 1 Databasir | 2022-09-08 | N/A | 7.5 HIGH |
| Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7. | |||||
| CVE-2021-27693 | 1 Publiccms | 1 Publiccms | 2022-09-08 | N/A | 9.8 CRITICAL |
| Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. | |||||
| CVE-2021-39927 | 1 Gitlab | 1 Gitlab | 2022-09-03 | 3.5 LOW | 4.3 MEDIUM |
| Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443 | |||||
| CVE-2022-2556 | 1 Mailchimp | 1 Mailchimp For Woocommerce | 2022-09-01 | N/A | 2.7 LOW |
| The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example | |||||
| CVE-2022-2267 | 1 Mailchimp | 1 Mailchimp For Woocommerce | 2022-09-01 | N/A | 4.3 MEDIUM |
| The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example | |||||