Total
1195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14328 | 1 Redhat | 1 Ansible Tower | 2024-02-28 | 2.1 LOW | 3.3 LOW |
| A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2021-31216 | 1 Siren | 1 Investigate | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
| Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs as the Investigate process on the host. | |||||
| CVE-2021-20346 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595. | |||||
| CVE-2021-20348 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 194597. | |||||
| CVE-2020-24147 | 1 Xylusthemes | 1 Wp Smart Import | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field. | |||||
| CVE-2021-22027 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. | |||||
| CVE-2020-35970 | 1 Yzmcms | 1 Yzmcms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection management that allows arbitrary file read. | |||||
| CVE-2021-28941 | 1 Magpierss Project | 1 Magpierss | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request any internal page if you use a https request. | |||||
| CVE-2017-17674 | 1 Bmc | 1 Remedy Mid-tier | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE). | |||||
| CVE-2021-31910 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible. | |||||
| CVE-2020-35313 | 1 Wondercms | 1 Wondercms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer. | |||||
| CVE-2020-24149 | 1 Secondline | 1 Podcast Importer Secondline | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action to the secondlinepodcastimport page. | |||||
| CVE-2020-22002 | 1 Inim | 12 Smartliving 10100l, Smartliving 10100l Firmware, Smartliving 10100lg3 and 9 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. | |||||
| CVE-2021-33510 | 1 Plone | 1 Plone | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file. | |||||
| CVE-2021-26699 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-28 | 5.8 MEDIUM | 5.4 MEDIUM |
| OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. | |||||
| CVE-2021-33213 | 1 Element-it | 1 Http Commander | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address. | |||||
| CVE-2020-24148 | 1 Mooveagency | 1 Import Xml And Rss Feeds | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action. | |||||
| CVE-2021-29357 | 1 Outsystems | 3 Lifetime Management Console, Outsystems, Platform Server | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
| The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests. | |||||
| CVE-2021-20345 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594. | |||||
| CVE-2021-29431 | 1 Matrix | 1 Sydent | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform an internal port enumeration. This issue has been addressed in in 9e57334, 8936925, 3d531ed, 0f00412. A potential workaround would be to use a firewall to ensure that Sydent cannot reach internal HTTP resources. | |||||