Total
774 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6282 | 1 Sap | 1 Netweaver Application Server Java | 2020-07-15 | 5.0 MEDIUM | 5.8 MEDIUM |
| SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. | |||||
| CVE-2020-14170 | 1 Atlassian | 1 Bitbucket | 2020-07-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability. | |||||
| CVE-2019-20408 | 1 Atlassian | 1 Jira | 2020-07-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. | |||||
| CVE-2017-5617 | 2 Debian, Kitfox | 2 Debian Linux, Svg Salamander | 2020-07-08 | 5.8 MEDIUM | 7.4 HIGH |
| The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file. | |||||
| CVE-2020-14056 | 1 Monstaftp | 1 Monsta Ftp | 2020-07-08 | 7.5 HIGH | 9.8 CRITICAL |
| Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services. | |||||
| CVE-2020-13484 | 1 Bitrix24 | 1 Bitrix24 | 2020-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet URL. | |||||
| CVE-2020-13650 | 1 Digdash | 1 Digdash | 2020-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to an internal component, the request is blind, but through the error message it's possible to determine whether the request targeted a open service. | |||||
| CVE-2019-20872 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services. | |||||
| CVE-2020-12725 | 1 Redash | 1 Redash | 2020-06-22 | 6.5 MEDIUM | 7.2 HIGH |
| Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding headers, selecting any HTTP verb, etc. | |||||
| CVE-2020-9427 | 1 Open-xchange | 1 Ox Guard | 2020-06-18 | 4.0 MEDIUM | 5.0 MEDIUM |
| OX Guard 2.10.3 and earlier allows SSRF. | |||||
| CVE-2020-8544 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| OX App Suite through 7.10.3 allows SSRF. | |||||
| CVE-2020-4101 | 1 Hcltech | 1 Hcl Digital Experience | 2020-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| "HCL Digital Experience is susceptible to Server Side Request Forgery." | |||||
| CVE-2020-9643 | 1 Adobe | 1 Experience Manager | 2020-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2020-9645 | 1 Adobe | 1 Experience Manager | 2020-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2020-11453 | 1 Microstrategy | 1 Microstrategy Web | 2020-06-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| ** DISPUTED ** Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). NOTE: MicroStrategy is unable to reproduce the issue reported in any version of its product. | |||||
| CVE-2020-4529 | 1 Ibm | 1 Maximo Asset Management | 2020-06-09 | 6.5 MEDIUM | 7.4 HIGH |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713. | |||||
| CVE-2014-8943 | 1 Piwigo | 1 Lexiglot | 2020-06-02 | 6.5 MEDIUM | 8.8 HIGH |
| Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter. | |||||
| CVE-2020-13226 | 1 Wso2 | 1 Api Manager | 2020-05-21 | 7.5 HIGH | 9.8 CRITICAL |
| WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet. | |||||
| CVE-2020-4365 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2020-05-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. | |||||
| CVE-2020-5562 | 1 Cybozu | 1 Garoon | 2020-05-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function. | |||||