Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-918
Total 774 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-37940 1 Elastic 1 Enterprise Search 2021-12-09 4.0 MEDIUM 6.8 MEDIUM
An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible.
CVE-2021-4075 1 Snipeitapp 1 Snipe-it 2021-12-07 6.5 MEDIUM 7.2 HIGH
snipe-it is vulnerable to Server-Side Request Forgery (SSRF)
CVE-2021-40091 1 Squaredup 1 Squaredup 2021-12-07 7.5 HIGH 9.8 CRITICAL
An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654.
CVE-2021-29863 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2021-12-02 4.0 MEDIUM 4.3 MEDIUM
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087.
CVE-2021-40809 1 Jamf 1 Jamf 2021-12-01 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows.
CVE-2021-3552 1 Bitdefender 2 Endpoint Security Tools, Gravityzone 2021-12-01 5.0 MEDIUM 7.5 HIGH
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1.
CVE-2021-36327 1 Dell 1 Emc Streaming Data Platform 2021-12-01 5.0 MEDIUM 5.3 MEDIUM
Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice.
CVE-2021-3553 1 Bitdefender 2 Endpoint Security Tools, Gravityzone 2021-11-30 5.0 MEDIUM 7.5 HIGH
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.
CVE-2020-28463 2 Fedoraproject, Reportlab 2 Fedora, Reportlab 2021-11-30 4.0 MEDIUM 6.5 MEDIUM
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF
CVE-2020-26258 3 Debian, Fedoraproject, Xstream Project 3 Debian Linux, Fedora, Xstream 2021-11-30 5.0 MEDIUM 7.7 HIGH
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.
CVE-2021-43780 1 Redash 1 Redash 2021-11-30 6.0 MEDIUM 8.8 HIGH
Redash is a package for data visualization and sharing. In versions 10.0 and priorm the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a URL-loading data source is enabled. As of time of publication, the `master` and `release/10.x.x` branches address this by applying the Advocate library for making http requests instead of the requests library directly. Users should upgrade to version 10.0.1 to receive this patch. There are a few workarounds for mitigating the vulnerability without upgrading. One can disable the vulnerable data sources entirely, by adding the following env variable to one's configuration, making them unavailable inside the webapp. One can switch any data source of certain types (viewable in the GitHub Security Advisory) to be `View Only` for all groups on the Settings > Groups > Data Sources screen. For users unable to update an admin may modify Redash's configuration through environment variables to mitigate this issue. Depending on the version of Redash, an admin may also need to run a CLI command to re-encrypt some fields in the database. The `master` and `release/10.x.x` branches as of time of publication have removed the default value for `REDASH_COOKIE_SECRET`. All future releases will also require this to be set explicitly. For existing installations, one will need to ensure that explicit values are set for the `REDASH_COOKIE_SECRET` and `REDASH_SECRET_KEY `variables.
CVE-2021-22049 1 Vmware 1 Vcenter Server 2021-11-29 7.5 HIGH 9.8 CRITICAL
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
CVE-2021-22970 1 Concretecms 1 Concrete Cms 2021-11-23 5.0 MEDIUM 7.5 HIGH
Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb. SSRF Mitigation Bypass through DNS RebindingConcrete CMS security team gave this a CVSS score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:NConcrete CMS is maintaining Concrete version 8.5.x until 1 May 2022 for security fixes.This CVE is shared with HackerOne Reports https://hackerone.com/reports/1364797 and https://hackerone.com/reports/1360016Reporters: Adrian Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) and Bipul Jaiswal
CVE-2021-22969 1 Concretecms 1 Concrete Cms 2021-11-23 5.0 MEDIUM 5.3 MEDIUM
Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS.Discoverer: Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N . Please note that Cloud IAAS provider mis-configurations are not Concrete CMS vulnerabilities. A mitigation for this vulnerability is to make sure that the IMDS configurations are according to a cloud provider's best practices.This fix is also in Concrete version 9.0.0
CVE-2021-41259 1 Nim-lang 1 Nim 2021-11-17 7.5 HIGH 9.8 CRITICAL
Nim is a systems programming language with a focus on efficiency, expressiveness, and elegance. In affected versions the uri.parseUri function which may be used to validate URIs accepts null bytes in the input URI. This behavior could be used to bypass URI validation. For example: parseUri("http://localhost\0hello").hostname is set to "localhost\0hello". Additionally, httpclient.getContent accepts null bytes in the input URL and ignores any data after the first null byte. Example: getContent("http://localhost\0hello") makes a request to localhost:80. An attacker can use a null bytes to bypass the check and mount a SSRF attack.
CVE-2021-43562 1 Pixxio 1 Pixx.io 2021-11-16 6.5 MEDIUM 8.8 HIGH
An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it to a user-controlled filename, which may result in Remote Code Execution. A TYPO3 backend user account is required to exploit this.
CVE-2021-43293 1 Sonatype 1 Nexus Repository Manager 2021-11-05 4.0 MEDIUM 4.3 MEDIUM
Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).
CVE-2021-29738 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2021-11-03 5.5 MEDIUM 5.4 MEDIUM
IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201302.
CVE-2021-29844 1 Ibm 7 Engineering Lifecycle Optimization, Engineering Requirements Quality Assistant On-premises, Engineering Workflow Management and 4 more 2021-11-02 6.5 MEDIUM 8.8 HIGH
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2021-22958 1 Concretecms 1 Concrete Cms 2021-11-01 7.5 HIGH 9.8 CRITICAL
A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N