Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-7200

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-21 Mar, 2017 | 06:21
Updated At-05 Aug, 2024 | 15:56
Rejected At-
Credits

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:21 Mar, 2017 | 06:21
Updated At:05 Aug, 2024 | 15:56
Rejected At:
▼CVE Numbering Authority (CNA)

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/96988
vdb-entry
x_refsource_BID
https://bugs.launchpad.net/ossn/+bug/1153614
x_refsource_CONFIRM
https://wiki.openstack.org/wiki/OSSN/OSSN-0078
x_refsource_CONFIRM
https://bugs.launchpad.net/ossn/+bug/1606495
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/96988
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://bugs.launchpad.net/ossn/+bug/1153614
Resource:
x_refsource_CONFIRM
Hyperlink: https://wiki.openstack.org/wiki/OSSN/OSSN-0078
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugs.launchpad.net/ossn/+bug/1606495
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/96988
vdb-entry
x_refsource_BID
x_transferred
https://bugs.launchpad.net/ossn/+bug/1153614
x_refsource_CONFIRM
x_transferred
https://wiki.openstack.org/wiki/OSSN/OSSN-0078
x_refsource_CONFIRM
x_transferred
https://bugs.launchpad.net/ossn/+bug/1606495
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/96988
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://bugs.launchpad.net/ossn/+bug/1153614
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://wiki.openstack.org/wiki/OSSN/OSSN-0078
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugs.launchpad.net/ossn/+bug/1606495
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:21 Mar, 2017 | 06:59
Updated At:20 Apr, 2025 | 01:37

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.8MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 5.8
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

OpenStack
openstack
>>glance>>Versions up to mitaka(inclusive)
cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-918Primarynvd@nist.gov
CWE ID: CWE-918
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securityfocus.com/bid/96988cve@mitre.org
Third Party Advisory
VDB Entry
https://bugs.launchpad.net/ossn/+bug/1153614cve@mitre.org
Third Party Advisory
https://bugs.launchpad.net/ossn/+bug/1606495cve@mitre.org
Third Party Advisory
https://wiki.openstack.org/wiki/OSSN/OSSN-0078cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/96988af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://bugs.launchpad.net/ossn/+bug/1153614af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugs.launchpad.net/ossn/+bug/1606495af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://wiki.openstack.org/wiki/OSSN/OSSN-0078af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/96988
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://bugs.launchpad.net/ossn/+bug/1153614
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://bugs.launchpad.net/ossn/+bug/1606495
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://wiki.openstack.org/wiki/OSSN/OSSN-0078
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/96988
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://bugs.launchpad.net/ossn/+bug/1153614
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://bugs.launchpad.net/ossn/+bug/1606495
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://wiki.openstack.org/wiki/OSSN/OSSN-0078
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

154Records found

CVE-2022-1723
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.88% / 74.37%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 08:35
Updated-03 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in jgraph/drawio

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.

Action-Not Available
Vendor-diagramsjgraph
Product-drawiojgraph/drawio
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-1767
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.88% / 74.37%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 15:45
Updated-03 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in jgraph/drawio

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.

Action-Not Available
Vendor-diagramsjgraph
Product-drawiojgraph/drawio
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-1815
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-19.91% / 95.24%
||
7 Day CHG~0.00%
Published-25 May, 2022 | 08:15
Updated-03 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposure of Sensitive Information to an Unauthorized Actor in jgraph/drawio

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.

Action-Not Available
Vendor-diagramsjgraph
Product-drawiojgraph/drawio
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-1711
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-26.19% / 96.10%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 12:40
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in jgraph/drawio

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.

Action-Not Available
Vendor-diagramsjgraph
Product-drawiojgraph/drawio
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-24825
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.19% / 41.63%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 19:45
Updated-23 Apr, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Smokescreen SSRF via deny list bypass

Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by way of a deny list. There was an issue in Smokescreen that made it possible to bypass the deny list feature by appending a dot to the end of user-supplied URLs, or by providing input in a different letter case. Recommended to upgrade Smokescreen to version 0.0.3 or later.

Action-Not Available
Vendor-stripestripe
Product-smokescreensmokescreen
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-0508
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.93%
||
7 Day CHG~0.00%
Published-08 Feb, 2022 | 10:30
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in chocobozzz/peertube

Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832

Action-Not Available
Vendor-framasoftchocobozzz
Product-peertubechocobozzz/peertube
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-1188
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-3.7||LOW
EPSS-0.33% / 54.84%
||
7 Day CHG~0.00%
Published-04 Apr, 2022 | 19:46
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-0132
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.8||MEDIUM
EPSS-0.34% / 56.24%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 10:10
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in chocobozzz/peertube

peertube is vulnerable to Server-Side Request Forgery (SSRF)

Action-Not Available
Vendor-framasoftchocobozzz
Product-peertubechocobozzz/peertube
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-35667
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.10%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 15:51
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-35970
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.77% / 72.60%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 20:55
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection management that allows arbitrary file read.

Action-Not Available
Vendor-yzmcmsn/a
Product-yzmcmsn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2017-3164
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-55.85% / 98.00%
||
7 Day CHG~0.00%
Published-08 Mar, 2019 | 21:00
Updated-16 Sep, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

Action-Not Available
Vendor-The Apache Software Foundation
Product-solrApache Solr
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-45968
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-70.71% / 98.63%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 04:56
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.

Action-Not Available
Vendor-jivesoftwarepascomn/a
Product-cloud_phone_systemjiven/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-28977
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-9.16% / 92.37%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 13:19
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.

Action-Not Available
Vendor-canton/a
Product-canton/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-45851
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.88% / 74.37%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 09:51
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.

Action-Not Available
Vendor-frangoteamn/a
Product-fuxan/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-28976
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-20.27% / 95.30%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 13:14
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.

Action-Not Available
Vendor-canton/a
Product-canton/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-28978
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-9.16% / 92.37%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 13:21
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.

Action-Not Available
Vendor-canton/a
Product-canton/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-45325
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.97%
||
7 Day CHG~0.00%
Published-08 Feb, 2022 | 14:36
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL.

Action-Not Available
Vendor-gitean/a
Product-gitean/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-44139
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-77.66% / 98.95%
||
7 Day CHG~0.00%
Published-23 Mar, 2022 | 16:50
Updated-04 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).

Action-Not Available
Vendor-n/aHashiCorp, Inc.
Product-sentineln/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-2339
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.1||CRITICAL
EPSS-0.72% / 71.56%
||
7 Day CHG~0.00%
Published-07 Jul, 2022 | 03:15
Updated-26 Aug, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in nocodb/nocodb

With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.

Action-Not Available
Vendor-nocodbnocodb
Product-nocodbnocodb/nocodb
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-26811
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.3||MEDIUM
EPSS-0.80% / 73.19%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 16:12
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability.

Action-Not Available
Vendor-SAP SE
Product-commerce_cloud_\(accelerator_payment_mock\)SAP Commerce Cloud (Accelerator Payment Mock)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-28043
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.97%
||
7 Day CHG~0.00%
Published-01 Nov, 2020 | 17:07
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.

Action-Not Available
Vendor-mispn/a
Product-mispn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-26815
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.6||HIGH
EPSS-0.28% / 50.66%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 16:13
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network to retrieve sensitive / confidential resources which are otherwise restricted for internal usage only, resulting in a Server-Side Request Forgery vulnerability.

Action-Not Available
Vendor-SAP SE
Product-fiori_launchpad_\(news_tile_application\)SAP Fiori Launchpad (News Tile Application)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-43296
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.55% / 91.45%
||
7 Day CHG~0.00%
Published-30 Nov, 2021 | 18:40
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_supportcenter_plusn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-26032
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.66%
||
7 Day CHG~0.00%
Published-28 Dec, 2020 | 07:56
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems.

Action-Not Available
Vendor-zammadn/a
Product-zammadn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-26258
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-93.68% / 99.84%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 01:05
Updated-23 May, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Forgery Request can be activated unmarshalling with XStream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.

Action-Not Available
Vendor-xstreamx-streamFedora ProjectThe Apache Software FoundationDebian GNU/Linux
Product-debian_linuxstrutsfedoraxstreamxstream
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-24444
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.8||MEDIUM
EPSS-0.51% / 65.48%
||
7 Day CHG~0.00%
Published-10 Dec, 2020 | 05:32
Updated-17 Sep, 2024 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Blind SSRF in Forms add-on for AEM

AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_manager_forms_add-onExperience Manager
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-23079
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.02%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 16:29
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet.

Action-Not Available
Vendor-n/aHalo (FIT2CLOUD Inc.)
Product-halon/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-24548
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 44.05%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 18:28
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports.

Action-Not Available
Vendor-ericomn/a
Product-access_servern/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-24641
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.69%
||
7 Day CHG~0.00%
Published-15 Jan, 2021 | 18:26
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface.

Action-Not Available
Vendor-n/aAruba Networks
Product-airwave_glassAruba AirWave Glass Software
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-24710
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 52.71%
||
7 Day CHG~0.00%
Published-28 Oct, 2020 | 19:33
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gophish before 0.11.0 allows SSRF attacks.

Action-Not Available
Vendor-getgophishn/a
Product-gophishn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-20582
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.52%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 15:44
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information.

Action-Not Available
Vendor-mipcmsn/a
Product-mipcmsn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-21122
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.39%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 16:16
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.

Action-Not Available
Vendor-ureport_projectn/a
Product-ureportn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-1784
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-1.16% / 77.75%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 12:15
Updated-03 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in jgraph/drawio

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.

Action-Not Available
Vendor-diagramsjgraph
Product-drawiojgraph/drawio
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-1925
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.18% / 77.89%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 18:41
Updated-04 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker.

Action-Not Available
Vendor-The Apache Software Foundation
Product-olingoApache Olingo
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-0870
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5||MEDIUM
EPSS-5.47% / 89.82%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 10:40
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in gogs/gogs

Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.

Action-Not Available
Vendor-gogsgogs
Product-gogsgogs/gogs
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-41587
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.66%
||
7 Day CHG~0.00%
Published-24 Sep, 2021 | 14:18
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.

Action-Not Available
Vendor-n/aGradle, Inc.
Product-gradlen/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-19613
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.02%
||
7 Day CHG~0.00%
Published-01 Apr, 2021 | 18:51
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-15879
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.84%
||
7 Day CHG~0.00%
Published-21 Jul, 2020 | 16:59
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16).

Action-Not Available
Vendor-bitwardenn/a
Product-servern/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-0528
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 50.72%
||
7 Day CHG+0.01%
Published-03 Mar, 2022 | 07:00
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in transloadit/uppy

Server-Side Request Forgery (SSRF) in GitHub repository transloadit/uppy prior to 3.3.1.

Action-Not Available
Vendor-transloadittransloadit
Product-uppytransloadit/uppy
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-16248
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.42% / 61.09%
||
7 Day CHG~0.00%
Published-09 Aug, 2020 | 16:16
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability

Action-Not Available
Vendor-prometheusn/a
Product-blackbox_exportern/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-15819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.07%
||
7 Day CHG~0.00%
Published-08 Aug, 2020 | 20:07
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-7126
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.8||MEDIUM
EPSS-0.21% / 42.86%
||
7 Day CHG~0.00%
Published-26 Oct, 2020 | 15:24
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

Action-Not Available
Vendor-n/aAruba Networks
Product-airwave_glassAruba Airwave Software
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-46107
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-62.76% / 98.31%
||
7 Day CHG~0.00%
Published-17 Mar, 2022 | 20:33
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.

Action-Not Available
Vendor-ligeo-archivesn/a
Product-ligeo_basicsn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-13650
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.97%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 18:08
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to an internal component, the request is blind, but through the error message it's possible to determine whether the request targeted a open service.

Action-Not Available
Vendor-digdashn/a
Product-digdashn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-14160
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.06%
||
7 Day CHG~0.00%
Published-26 Aug, 2021 | 10:57
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources.

Action-Not Available
Vendor-thecodingmachinen/a
Product-gotenbergn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-12529
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-5.8||MEDIUM
EPSS-0.28% / 51.37%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 21:15
Updated-16 Sep, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports.

Action-Not Available
Vendor-mbconnectlineMB connect line
Product-mymbconnect24mbconnect24mymbCONNECT24mbCONNECT24
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-11453
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.56% / 80.77%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 15:03
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). NOTE: MicroStrategy is unable to reproduce the issue reported in any version of its product

Action-Not Available
Vendor-microstrategyn/a
Product-microstrategy_webn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-35561
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.21% / 78.19%
||
7 Day CHG~0.00%
Published-16 Feb, 2021 | 15:49
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSRF in variuos products of MB connect line and Helmholz

An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.

Action-Not Available
Vendor-mbconnectlinehelmholzn/a
Product-myrex24.virtualmymbconnect24myrex24mbconnect24n/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-39935
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.8||MEDIUM
EPSS-25.99% / 96.07%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 15:47
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-40822
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-93.25% / 99.80%
||
7 Day CHG~0.00%
Published-01 May, 2022 | 23:17
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.

Action-Not Available
Vendor-osgeon/a
Product-geoservern/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found