Total: 1256 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-37033 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A | 6.5 MEDIUM | In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed-in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re-validation of the redirect URL, the TempFileAPI can be used to return data from those local/private hosts that should not be accessible remotely.
CVE-2022-36997 | 1 Veritas | 4 Flex Appliance, Flex Scale, Netbackup and 1 more | 2024-11-21 | N/A | 7.1 HIGH | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.
CVE-2022-36802 | 1 Atlassian | 1 Jira Align | 2024-11-21 | N/A | 4.9 MEDIUM | The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request.
CVE-2022-36663 | 1 Gluu | 1 Oxauth | 2024-11-21 | N/A | 9.8 CRITICAL | Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter.
CVE-2022-36551 | 1 Heartex | 1 Label Studio | 2024-11-21 | N/A | 6.5 MEDIUM | A Server-Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio, enabling a remote attacker to create a new account and then exploit the SSRF.
CVE-2022-36451 | 1 Mitel | 1 Micollab | 2024-11-21 | N/A | 8.8 HIGH | A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server.
CVE-2022-36376 | 1 Rankmath | 1 Seo | 2024-11-21 | N/A | 6.8 MEDIUM | Server-Side Request Forgery (SSRF) vulnerability in the Rank Math SEO plugin <= 1.0.95 for WordPress.
CVE-2022-36112 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 3.5 LOW | GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. Usage of RSS feeds or external calendars in planning is subject to SSRF exploitation. Server-side requests can be used to scan ports or services open on the GLPI server or its private network. Query responses are not exposed to the end user (blind SSRF). Users are advised to upgrade to version 10.0.3 to resolve this issue. There are no known workarounds.
CVE-2022-35949 | 1 Nodejs | 1 Undici | 2024-11-21 | N/A | 5.3 MEDIUM | undici is an HTTP/1.1 client, written from scratch for Node.js. `undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1`, for example `const undici = require("undici"); undici.request({origin: "http://example.com", pathname: "//127.0.0.1"})`, then instead of processing the request as `http://example.org//127.0.0.1` (or `http://example.org/http://127.0.0.1` when `http://127.0.0.1` is used), it actually processes the request as `http://127.0.0.1/` and sends it to `http://127.0.0.1`. If a developer passes user input into the `path` parameter of `undici.request`, it can result in an SSRF, as they will assume that the hostname cannot change, when in fact it can change because the specified path parameter is combined with the base URL. This issue was fixed in `undici@5.8.1`. The best workaround is to validate user input before passing it to the `undici.request` call.
CVE-2022-35583 | 1 Wkhtmltopdf | 1 Wkhtmltopdf | 2024-11-21 | N/A | 9.8 CRITICAL | wkhtmltopdf 0.12.6 is vulnerable to SSRF, which allows an attacker to get initial access into the target's system by injecting an iframe tag with an internal asset IP address in its source. This allows the attacker to take over the whole infrastructure by accessing their internal assets.
CVE-2022-35508 | 1 Proxmox | 3 Proxmox Mail Gateway, Pve Http Server, Virtual Environment | 2024-11-21 | N/A | 9.8 CRITICAL | Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the root@pam account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3.
CVE-2022-35282 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A | 6.5 MEDIUM | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.
CVE-2022-34269 | | | 2024-11-21 | N/A | 8.8 HIGH | An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/load_dtd?system_id= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution.
CVE-2022-34013 | 1 Zhyd | 1 Oneblog | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module.
CVE-2022-34011 | 1 Zhyd | 1 Oneblog | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls.
CVE-2022-32995 | 1 Halo | 1 Halo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
CVE-2022-32457 | 1 Digiwin | 1 Business Process Management | 2024-11-21 | N/A | 5.3 MEDIUM | Digiwin BPM has inadequate filtering for a URL parameter. An unauthenticated remote attacker can perform a blind SSRF attack to discover the internal network topology based on URL error responses.
CVE-2022-31830 | 1 Baidu | 1 Kity Minder | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php.
CVE-2022-31827 | 1 Monstaftp | 1 Monstaftp | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php.
CVE-2022-31776 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | N/A | 8.8 HIGH | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 228433.