Total
1256 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28735 | 1 Plone | 1 Plone | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). | |||||
| CVE-2020-28463 | 2 Fedoraproject, Reportlab | 2 Fedora, Reportlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF | |||||
| CVE-2020-28360 | 1 Private-ip Project | 1 Private-ip | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote attackers to request server-side resources or potentially execute arbitrary code through various SSRF techniques. | |||||
| CVE-2020-28168 | 2 Axios, Siemens | 2 Axios, Sinec Ins | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. | |||||
| CVE-2020-28043 | 1 Misp | 1 Misp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. | |||||
| CVE-2020-27626 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. | |||||
| CVE-2020-27624 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. | |||||
| CVE-2020-27375 | 1 Drtrustusa | 2 Icheck Connect Bp Monitor Bp Testing 118, Icheck Connect Bp Monitor Bp Testing 118 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars. | |||||
| CVE-2020-27197 | 2 Eclecticiq, Libtaxii Project | 2 Opentaxii, Libtaxii | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library" and that this may be an issue to "raise ... to the lxml group. | |||||
| CVE-2020-27018 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this vulnerability. | |||||
| CVE-2020-26948 | 1 Emby | 1 Emby | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. | |||||
| CVE-2020-26815 | 1 Sap | 1 Fiori Launchpad \(news Tile Application\) | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network to retrieve sensitive / confidential resources which are otherwise restricted for internal usage only, resulting in a Server-Side Request Forgery vulnerability. | |||||
| CVE-2020-26811 | 1 Sap | 1 Commerce Cloud \(accelerator Payment Mock\) | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability. | |||||
| CVE-2020-26258 | 3 Debian, Fedoraproject, Xstream Project | 3 Debian Linux, Fedora, Xstream | 2024-11-21 | 5.0 MEDIUM | 7.7 HIGH |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories. | |||||
| CVE-2020-26032 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems. | |||||
| CVE-2020-25820 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field. | |||||
| CVE-2020-25466 | 1 Crmeb | 1 Crmeb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. | |||||
| CVE-2020-25353 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPort parameters. | |||||
| CVE-2020-24898 | 1 Stiltsoft | 1 Table Filter And Charts For Confluence Server | 2024-11-21 | 4.0 MEDIUM | 7.6 HIGH |
| The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter). | |||||
| CVE-2020-24881 | 1 Osticket | 1 Osticket | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. | |||||