Total: 1343 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2020-4882 | 1 Ibm | 1 Planning Analytics | 2021-03-24 | 5.8 MEDIUM | 6.1 MEDIUM | IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852.
CVE-2020-5014 | 1 Ibm | 1 Datapower Gateway | 2021-03-16 | 4.6 MEDIUM | 6.7 MEDIUM | IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side request forgery attack. IBM X-Force ID: 193247.
CVE-2020-12529 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2021-03-09 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an SSRF in the LDAP access check, allowing an attacker to scan for open ports.
CVE-2021-23345 | 1 Thecodingmachine | 1 Gotenberg | 2021-03-09 | 5.0 MEDIUM | 5.3 MEDIUM | All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as `<iframe src='file:///etc/passwd'>`.
CVE-2020-23534 | 1 Masterlab | 1 Masterlab | 2021-03-03 | 7.5 HIGH | 9.8 CRITICAL | A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter.
CVE-2021-27670 | 1 Appspace | 1 Appspace | 2021-03-02 | 7.5 HIGH | 9.8 CRITICAL | Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
CVE-2021-27329 | 1 Frendi | 1 Frendica | 2021-02-26 | 10.0 HIGH | 10.0 CRITICAL | Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.
CVE-2021-3204 | 1 Webware | 1 Webdesktop | 2021-02-25 | 4.0 MEDIUM | 6.5 MEDIUM | SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server.
CVE-2020-10252 | 1 Owncloud | 1 Owncloud | 2021-02-25 | 6.5 MEDIUM | 8.3 HIGH | An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial of Service attack.
CVE-2021-21288 | 1 Carrierwave Project | 1 Carrierwave | 2021-02-12 | 4.0 MEDIUM | 4.3 MEDIUM | CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attackers to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.
CVE-2021-21287 | 1 Minio | 1 Minio | 2021-02-05 | 4.0 MEDIUM | 7.7 HIGH | MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal etc.). In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL which the code running on the server will read or submit data to, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP-enabled databases, or perform POST requests towards internal services which are not intended to be exposed. This is fixed in version RELEASE.2021-01-30T00-20-58Z; all users are advised to upgrade. As a workaround you can disable the browser front-end with the "MINIO_BROWSER=off" environment variable.
CVE-2020-35667 | 1 Jetbrains | 1 Teamcity | 2021-02-05 | 5.0 MEDIUM | 7.5 HIGH | JetBrains TeamCity Plugin before 2020.2.85695 has an SSRF vulnerability that could potentially expose user credentials.
CVE-2021-25236 | 2 Microsoft, Trendmicro | 3 Windows, Officescan, Worry-free Business Security | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM | A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.
CVE-2021-25241 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Worry-free Business Security | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM | A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep.
CVE-2020-23776 | 1 Winmail Project | 1 Winmail | 2021-02-03 | 5.0 MEDIUM | 7.5 HIGH | An SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request.
CVE-2020-36200 | 1 Kaspersky | 1 Tinycheck | 2021-02-02 | 4.0 MEDIUM | 6.5 MEDIUM | TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to crafted URLs.
CVE-2020-4786 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2021-02-02 | 4.0 MEDIUM | 4.3 MEDIUM | IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221.
CVE-2020-4787 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2021-02-02 | 2.1 LOW | 2.3 LOW | IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.
CVE-2020-24881 | 1 Osticket | 1 Osticket | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL | SSRF exists in osTicket before 1.14.3, where an attacker can add a malicious file to the server or perform port scanning.
CVE-2007-6758 | 1 Sencha | 1 Ext Js | 2021-01-28 | 5.0 MEDIUM | 7.5 HIGH | Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0.