Total: 1195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-40537 | 1 Owncloud | 1 User Ldap | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW | Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation. |
| CVE-2021-41385 | 1 Securonix | 1 Snypr | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM | The third party intelligence connector in Securonix SNYPR 6.3.1 Build 184295_0302 allows an authenticated user to obtain access to server configuration details via SSRF. |
| CVE-2021-37419 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. |
| CVE-2021-28910 | 1 Bab-technologie | 2 Eibport, Eibport Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 contains a basic SSRF vulnerability. It allows unauthenticated attackers to make requests to any internal or external server. |
| CVE-2021-41792 | 1 Alfresco | 2 Alfresco Content Services, Alfresco Transform Services | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF. |
| CVE-2021-22054 | 1 Vmware | 1 Workspace One Uem Console | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. |
| CVE-2021-39339 | 1 Telefication | 1 Telefication | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl request. This affects versions up to, and including, 1.8.0. |
| CVE-2021-23718 | 1 Ssrf-agent Project | 1 Ssrf-agent | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | The package ssrf-agent before 1.0.5 is vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate whether the requested IP is private. |
| CVE-2022-0508 | 1 Framasoft | 1 Peertube | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832. |
| CVE-2021-21993 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM | The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to the content library may exploit this issue by sending a POST request to vCenter Server, leading to information disclosure. |
| CVE-2021-45325 | 1 Gitea | 1 Gitea | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL. |
| CVE-2022-22702 | 1 Partkeepr | 1 Partkeepr | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM | PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part, do not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration. |
| CVE-2021-40091 | 1 Squaredup | 1 Squaredup | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. |
| CVE-2021-36327 | 1 Dell | 1 Emc Streaming Data Platform | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. |
| CVE-2021-43293 | 1 Sonatype | 1 Nexus Repository Manager | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM | Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). |
| CVE-2021-27738 | 1 Apache | 1 Kylin | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes and creation/modification/deletion of replica sets, to the Kylin Coordinator. For endpoints accepting node details in the HTTP message body, unauthenticated (but limited) server-side request forgery (SSRF) can be achieved. This issue affects Apache Kylin 3 versions prior to 3.1.2. |
| CVE-2021-42637 | 1 Printerlogic | 1 Web Stack | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability. |
| CVE-2021-39927 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 3.5 LOW | 4.3 MEDIUM | Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443. |
| CVE-2021-33690 | 1 Sap | 1 Netweaver Development Infrastructure | 2024-02-28 | 6.5 MEDIUM | 9.9 CRITICAL | A Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50. The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on the server by sending crafted queries. Due to this, the threat actor could completely compromise sensitive data residing on the server and impact its availability. Note: The impact of this vulnerability depends on whether SAP NetWeaver Development Infrastructure (NWDI) runs on the intranet or internet. The CVSS score reflects the impact considering the worst-case scenario that it runs on the internet. |
| CVE-2020-21649 | 1 Myucms Project | 1 Myucms | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH | Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method. |