Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-37440

Summary
Assigner-hpe
Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0
Published At-22 Aug, 2023 | 18:10
Updated At-29 Oct, 2024 | 19:17
Rejected At-
Credits

Authenticated Server-Side Request Forgery (SSRF) Leading to Information Disclosure

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal     structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hpe
Assigner Org ID:eb103674-0d28-4225-80f8-39fb86215de0
Published At:22 Aug, 2023 | 18:10
Updated At:29 Oct, 2024 | 19:17
Rejected At:
▼CVE Numbering Authority (CNA)
Authenticated Server-Side Request Forgery (SSRF) Leading to Information Disclosure

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal     structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.

Affected Products
Vendor
Hewlett Packard Enterprise (HPE)Hewlett Packard Enterprise (HPE)
Product
EdgeConnect SD-WAN Orchestrator
Default Status
affected
Versions
Affected
  • From Orchestrator 9.3.x through <=9.3.0 (semver)
  • From Orchestrator 9.2.x through <=9.2.* (semver)
  • From Orchestrator 9.1.x through <=9.1.* (semver)
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Daniel Jensen (@dozernz)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt
N/A
Hyperlink: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt
x_transferred
Hyperlink: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-918CWE-918 Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-918
Description: CWE-918 Server-Side Request Forgery (SSRF)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-alert@hpe.com
Published At:22 Aug, 2023 | 19:16
Updated At:29 Oct, 2024 | 20:35

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal     structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary3.15.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
CPE Matches
Aruba Networks
arubanetworks
>>edgeconnect_sd-wan_orchestrator>>Versions before 9.3.1(exclusive)
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-918Primarynvd@nist.gov
CWE-918Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-918
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-918
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txtsecurity-alert@hpe.com
Mitigation
Vendor Advisory
Hyperlink: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt
Source: security-alert@hpe.com
Resource:
Mitigation
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

112Records found
CVE-2024-13879
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.86%
||
7 Day CHG~0.00%
Published-17 Feb, 2025 | 15:21
Updated-18 Feb, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stream <= 4.0.2 - Authenticated (Admin+) Server-Side Request Forgery

The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.

Action-Not Available
Vendor-xwp
Product-Stream
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-13904
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 35.55%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 08:21
Updated-13 Mar, 2025 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Platform.ly for WooCommerce <= 1.1.6 - Unauthenticated Blind Server-Side Request Forgery

The Platform.ly for WooCommerce plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.6 via the 'hooks' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-platformlyplatformlycom
Product-platform.ly_for_woocommercePlatform.ly for WooCommerce
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-13838
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.79%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 07:00
Updated-02 Apr, 2025 | 12:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'call_webhook' method of the Automator_Send_Webhook class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-Uncanny Owl Inc.
Product-uncanny_automatorUncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-13857
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.85%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 09:21
Updated-07 Mar, 2025 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPGet API <= 2.2.10 - Authenticated (Administrator+) Server-Side Request Forgery

The WPGet API – Connect to any external REST API plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.

Action-Not Available
Vendor-davidanderson
Product-WPGet API – Connect to any external REST API
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-13905
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.74%
||
7 Day CHG~0.00%
Published-27 Feb, 2025 | 04:21
Updated-12 Mar, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OneStore Sites <= 0.1.1 - Unauthenticated Blind Server-Side Request Forgery

The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-sainwpsainwp
Product-onestore_sitesOneStore Sites
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-13940
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 08:22
Updated-14 May, 2025 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ninja Forms Webhooks <= 3.0.7 - Authenticated (Admin+) Server-Side Request Forgery via Form Webhook

The Ninja Forms Webhooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.7 via the form webhook functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-Ninja Forms
Product-Ninja Forms Webhooks
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-35949
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 57.73%
||
7 Day CHG~0.00%
Published-12 Aug, 2022 | 00:00
Updated-22 Apr, 2025 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`undici.request` vulnerable to SSRF using absolute URL on `pathname`

undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js const undici = require("undici") undici.request({origin: "http://example.com", pathname: "//127.0.0.1"}) ``` Instead of processing the request as `http://example.org//127.0.0.1` (or `http://example.org/http://127.0.0.1` when `http://127.0.0.1 is used`), it actually processes the request as `http://127.0.0.1/` and sends it to `http://127.0.0.1`. If a developer passes in user input into `path` parameter of `undici.request`, it can result in an _SSRF_ as they will assume that the hostname cannot change, when in actual fact it can change because the specified path parameter is combined with the base URL. This issue was fixed in `undici@5.8.1`. The best workaround is to validate user input before passing it to the `undici.request` call.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)
Product-undiciundici
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-51980
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.29%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 07:22
Updated-26 Jun, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Server Side Request Forgery (SSRF) via WS-Addressing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service (HTTP TCP port 80) SOAP request. The attacker can not control the data sent in the SSRF connection, nor can the attacker receive any data back. This SSRF is suitable for TCP port scanning of an internal network when the Web service (HTTP TCP port 80) is exposed across a network segment.

Action-Not Available
Vendor-Toshiba TecFUJIFILM Business InnovationKonica Minolta, Inc.Brother Industries, LtdRicoh Company, Ltd.
Product-HL-L3210CWDCP-L2640DWMFC-L2690DWHL-L3295CDWTD-2320DSAMFC-L3745CDWDCP-T420WHL-J6010DWHL-EX470WHL-L8245CDWDCP-J572DWMFC-J893NMFC-J4440DWMFC-L2900DWDCP-L3528CDWMFC-L2886DWHL-L2386DWDCP-J4543NPT-E850TKW (for Vietnum)Apeos 4620 SXMFC-L8690CDWDCP-J982N-W/BHL-1210WEDocuPrint P118 wTD-2125NDocuPrint M265 zDocuPrint M115 zMFC-L5850DWDCP-T835DWHL-L5212DNMFC-T920DWDocuPrint M268 zDocuPrint M118 zMFC-J3530DWHL-L2370DWXLDocuPrint P378 dMFC-L2715DW(for Tiwan, Koria)MFC-J939DNDCP-T436WMFC-L2835DWMFC-L2922DWMFC-L2800DWDCP-L2660DWMFC-J4535DW(XL)HL-B2080DWMFC-J5830DWMFC-L6900DWMFC-L2765DWMFC-L2700DW(ASA)DCP-T820DWApeos 4620 SZPT-D800WMFC-J5335DWHL-L8260CDWHL-L6412DWDCP-L1632WApeos 4620 SDFMFC-L2960DWDCP-L2508DWHL-L2460DWDCP-J772DWMFC-L3755CDWMFC-T930DWPT-E550W (for US, EU)MFC-1916NWHL-L2375DWMFC-L8610CDWDCP-1617NWPT-E550W (for Tiwan, Hongkong)MFC-4340DWEDocuPrint P360 dwHL-1212WEMFC-J5930DWMFC-EX670WDCP-J4140NPT-P950NWMFC-J5800CDWDCP-L8410CDWDCP-B7600DBMFC-J815DW XLDCP-B7638DNSP 230DNwDCP-L2640DNHL-L9430CDNDCP-L2647DWTD-2350DFMFC-J2340DWDCP-J928N-WBDCP-L3560CDWHL-L3300CDWMFC-L2701DWHL-J7010CDWRJ-4250WBHL-L5215DNHL-L5102DWMFC-J7300CDWe-STUDIO302DNFHL-L6300DWTTD-2130NDCP-T435WDCP-L5650DNMFC-L6810DWPJ-773DocuPrint M375 zMFC-J2330DWMFC-1911NWMFC-L3750CDWMFC-L2760DWMFC-J4940DNPT-E550W (for Russia)PT-E800WMFC-L5710DNDCP-L1638WSP-1HL-L6310DWDocuPrint P260 dwDCP-T535DWMFC-J998DNHL-5595DNHHL-L2390DWQL-1115NWBDCP-1612WMFC-8540DNDCP-L5600DNMFC-J998DWNTD-2135NDCP-7180DNMFC-J5945DWDCP-7190DNMFC-L5702DWHL-L2371DNRJ-3150AiHL-L2365DWDocuPrint P268 dPT-E850TKW (for Tiwan)MFC-L6720DWMFC-J5955DWHL-L6250DNMFC-J1170DWMFC-J890DWMFC-L3730CDNMFC-L6902DWMFC-J5630CDWDCP-J1700DWDCP-L2531DWHL-L5050DNDCP-B7548WMFC-L9610CDNMFC-L6702DWDCP-J987N-BDCP-1618WHL-L5200DWDCP-T439WDocuPrint P268 dwHL-L5228DWMFC-9150CDNHL-L2461DNHL-L2395DWHL-L2365DWRMFC-J4540NDCP-J973N-W/BMFC-L8340CDWDCP-L2532DWRJ-2140HL-L9470CDNDCP-B7520DWMFC-J4345DW XLDCP-B7648DWHL-L3220CWEQL-810WcMFC-L3735CDNMFC-J7700CDWDCP-T825DWHL-L5100DNMFC-J898NHL-1212Wbizhub 3000MFMFC-L2750DWRDocuPrint M260 zHL-L2357DWDocuPrint P375 dwHL-B2100DBDCP-L2540DNRHL-L8360CDWTHL-L2325DWRJ-3050AiQL-1110NWBcMFC-L6820DWMFC-7890DNMFC-J1215WMFC-L5710DWMFC-L5902DWMFC-L2740DWRHL-1223WRDCP-L3555CDWDCP-T735DWMFC-J6945DWMFC-B7811DWRJ-2050HL-L6410DNMFC-L5802DWHL-B2181DWMFC-L5912DWMFC-L5715DWMFC-J2740DWMFC-J805DWMFC-L2820DWXLHL-L8230CDWMFC-L2900DWXLMFC-J6980CDWDCP-J577NHL-L6415DWTD-2320DHL-L1230WDCP-T428WMFC-J6999CDWDCP-J981NDCP-L2551DWDocuPrint M378 dSP-1 (for Japan)DCP-J582NHL-L3240CDWMFC-J3540DWDocuPrint P285 dwDocuPrint P288 dwDCP-T525WDCP-J1203NHL-L2460DNDCP-T710W(for China)DCP-J1200W(XL)MFC-J4440NHL-L6415DWTMFC-J995DWTD-4420DNZDCP-B7578DWMFC-J6930DWMFC-J904NHL-L6217DWMFC-L6800DWHL-L6202DWHL-L2460DWXLMFC-L2712DNDCP-L5602DNDCP-T725DWDocuPrint P235 dHL-2595DWHL-L2467DWHL-L2351DWMFC-L2740DWPT-E850TKW (for UAE)MFC-L2710DWRHL-5590DNMFC-J6583CDWDCP-T510WQL-1110NWBMFC-L2827DWTD-2350DSADCP-L5518DNMFC-J1800DWQL-820NWBHL-L8260CDNDCP-1612WRDocuPrint M378 dfHL-L2352DWMFC-T910DWMFC-J4443NDocuPrint P388 dwMFC-J6535DWDCP-J972NMFC-L5755DWDCP-T520WMFC-L2685DWMFC-L2730DNMFC-L2827DWXLHL-1223WERJ-3050bizhub 5020iHL-L2366DWTD-4420DNDCP-T425WDCP-J987N-WMFC-J5855DW XLMFC-J7500CDWDocuPrint M225 dwTD-2350DDCP-L2550DW(TWN)HL-L3280CDWMFC-J905NMFC-T925DWDocuPrint P275 dwMFC-L2862DWDCP-J914NMFC-L2771DWHL-L2440DWMFC-L6970DWMFC-J6995CDWMFC-L2980DWHL-L2370DWMFC-J4540DW(XL)DCP-L2535DWHL-L6210DWMFC-T4500DWMFC-L2770DWHL-L6402DWMFC-L9630CDNMFC-L5728DWDCP-L2520DWRDCP-L2551DNDCP-L2518DWHL-L2447DWMFC-J1605DNHL-1210WMFC-L2732DWDCP-L3550CDWMFC-J6957DWHL-L2420DWDCP-7189DWHL-L9410CDNDCP-L2530DWDCP-L1630WHL-L1238WMFC-L6750DWMFC-1910WEDCP-L3510CDWMFC-J995DW XLMFC-L6710DWMFC-J3930DWe-STUDIO301DNDCP-L2627DWEPT-E550W (for Vietnum)HL-L3290CDWDocuPrint M225 zDCP-L2548DWMFC-L5717DWHL-2569DWDCP-1610WRMFC-J5345DWDCP-T236HL-B2150WDCP-C1210NMFC-J5740DWMFC-L2717DWMFC-L5750DWMFC-L5900DWDCP-L2550DNMFC-L3770CDWDCP-J1800DWHL-L5210DNMFC-J6947DWHL-EX415DWHL-J6000CDWDCP-L2560DWRHL-1212WRHL-L2405WHL-L6210DWTHL-L6400DWMFC-L2751DWFAX-L2710DNDCP-L2680DWMFC-L6912DWMFC-L2720DWRHL-L5212DWDCP-J978N-W/BMFC-B7800DNMFC-L8390CDWTD-2310DDCP-L2560DWHL-B2180DWBHL-1218WMFC-7880DNHL-3190CDWMFC-1910WDocuPrint M275 zMFC-J5845DW(XL)DCP-C421WDCP-9030CDNHL-L3288CDWMFC-J5340DWMFC-J6959DWMFC-7895DWApeosPrint 4620 SDWMFC-L2807DWbizhub 4020iDCP-J526NMFC-1915WHL-L2370DNHL-L1808WMFC-L8610CDW(for Japan)DCP-L2600DWHL-B2158WMFC-T935DWMFC-L9635CDNDCP-L5660DNDCP-J915NDCP-L2627DWXLDCP-T830DWDocuPrint P378 dwDCP-L2550DWMFC-L6915DN CSPMFC-L2730DWRHL-1222WEMFC-J6530DWHL-B2180DWHL-L2376DWMFC-7889DWDCP-1612WEHL-L2380DWHL-L6200DWQL-820NWBcDCP-1623WRMFC-J5340DWEbizhub 5000iMFC-J1500NDCP-L5512DNNFC-J903NHL-B2188DWbizhub 3080MFMFC-L3740CDWEDCP-J1200WEMFC-B7810DWBMFC-J5730DWMFC-J690DWHL-L2350DWMFC-L2750DWXLHL-1210WRDCP-T226MFC-L6915DNRJ-3150MFC-L5915DWHL-L6418DWDCP-L5510DWMFC-L2885DWHL-L2425DWADS-3000NTD-2350DFSAHL-L3270CDWMFC-L2730DWDCP-T710WHL-L3220CDWMFC-L2860DWDCP-T536DWDocuPrint M285 zHL-L6300DWMFC-L5800DWRJ-2150HL-L6450DWDCP-L3520CDWMFC-L2817DWDCP-J528NMFC-L2710DNDCP-L2550DNRDocuPrint P385 dwMFC-EX910DocuPrint P225 dMFC-L3740CDWDCP-L3515CDWMFC-L2820DWDCP-L1848Wbizhub 4000iMFC-L5700DNDocuPrint M288 dwDocuPrint M385 zMFC-J939DWNDCP-L5510DNHL-L6400DWTPT-P750WDCP-B7658DWDocuPrint M375 dfDCP-L2628DWM 340WMFC-L2860DWEMFC-J738DNHL-L2400DWEMFC-L2880DWDCP-L2605DWHL-L5210DWTMFC-L6950DWDCP-L2648DWDCP-J4143NMFC-L2680WHL-2590DNHL-L3220CWMFC-L3710CDWMFC-L2750DWMFC-B7720DNTD-4550DNWBMFC-T810W(for China)DCP-1610WEPT-E850TKW (for Thailand)HL-L2360DNRMFC-L2716DWPT-E550W (for Koria)HL-L6200DWTHL-L5100DNTDocuPrint P375 dDCP-L2622DWHL-L6250DWDocuPrint M115 fwHL-L5218DNMFC-L9570CDW(for Japan)HL-L2480DWMFC-L2710DWM 340FWDCP-1616NWHL-L2372DNHL-L1232WMFC-L3780CDWMFC-L2805DWMFC-L2710DNRMFC-J6935DWHL-L3228CDWDCP-L2540DWHL-L9310CDWMFC-J3940DWMFC-J6555DW XLMFC-J6580CDWHL-L8360CDWADS-3600WMFC-L8900CDWMFC-J491DWDCP-T510W(for China)MFC-J1010DWDCP-1615NWHL-B2100DMFC-L6915DWDCP-J1200NDCP-L3520CDWEHL-L2865DWMFC-L2720DNDCP-T230DCP-L2520DWMFC-L2920DWDCP-1622WEMFC-L6900DWGMFC-J895DWMFC-B7810DWMFC-L3720CDWHL-L8240CDWDCP-T430WMFC-L3760CDWHL-L2360DWMFC-L3765CDWMFC-J6997CDWFAX-L2700DNDocuPrint M115 wDCP-B7558WDCP-L2600DNFC-EX670MFC-J805DW XLDCP-B7608WPT-E850TKW (for China)DCP-7190DWMFC-L2700DNMFC-J6730DWDCP-B7640DWDCP-J774DWMFC-L2712DWMFC-1919NWDCP-L2552DNMFC-J1012DWHL-2560DNHL-L2305WHL-L2385DWMFC-L2713DWDCP-L2625DWDCP-B7530DNFAX-L2800DWMFC-L2802DNMFC-J6983CDWMFC-J739DNHL-L3230CDWMFC-J6555DWDCP-T720DWDCP-L2627DWMFC-L5718DNMFC-L5715DNDCP-J1100DWDocuPrint M235 dwHL-L6400DWGApeosPrint 4620 SDN (For Asia-Pacific)PT-E550W (for Thailand)HL-J6000DWHL-L2370DNRDCP-B7620DWBDCP-7195DWHL-L6415DNHL-L2445DWMFC-J6940DWDCP-T238HL-L3230CDNDocuPrint P265 dwHL-L5210DWDCP-B7535DWMFC-J4335DW(XL)MFC-J6740DWMFC-L9670CDNDocuPrint M118 wHL-L5215DWMFC-L2700DWRTD-4520DNMFC-1911WMFC-J926N-WBMFC-L2707DWADS-2800WMFC-EX915DWMFC-L2802DWRJ-3250WBMFC-J1300DWMFC-L2861DWDCP-1623WEMFC-T810WDCP-L2620DWMFC-L9570CDWMFC-J2730DWDCP-T225ADS-2400NDCP-7090DWMFC-J7100CDWMFC-L6700DWDCP-T730DWMFC-J1205W(XL)MFC-L3768CDWMFC-J739DWNDCP-B7628DWDCP-B7640DWBMFC-L2700DWMFC-L5700DWMFC-J6955DWMFC-L2715DWDCP-B7650DWMFC-L2703DWHL-L2340DWRDocuPrint M268 dwDCP-L3517CDWDCP-L2541DWMFC-J5855DWMFC-J497DWDocuPrint P115 wDCP-J988NMFC-J6540DWEDCP-L2540DNDCP-L2665DWPT-E850TKW (for Asia pacific, EU, US)HL-3160CDWDCP-L5662DNMFC-L9577CDWHL-L2400DWDCP-L3551CDWDocuPrint M288 zQL-810WHL-L5202DWMFC-J4340DW(XL)MFC-B7715DWDCP-T426WP 201WDCP-L5500DNSP 230SFNwMFC-J7600CDWDCP-B7600DDCP-L6600DWHL-L2340DWMFC-L2880DWXLPT-E550W (for China)ApeosPrint 4620 SDN (For China)MFC-J6540DWHL-JF1MFC-J5330DWPJ-883DCP-L3568CDWHL-L2375DWRDCP-L5502DNMFC-L2806DWMFC-9350CDWHL-T4000DWTD-2120NMFC-1912WRHL-L6415DN CSPPT-E850TKW (for Koria)HL-B2050DNMFC-L2705DWDCP-J587NHL-L2315DWDocuPrint M235 zTD-2320DFMFC-L6910DNMFC-L2720DWPT-P900WcDCP-J572NDCP-L2530DWRHL-5595DNHL-L5200DWTDCP-J1800NHL-L2360DNDCP-T530DWHL-J6100DWDCP-B7620DWDCP-L5652DNDCP-L5610DNHL-1211WHL-L2464DWHL-L3215CWHL-L2350DWRDCP-L2537DWMFC-L8395CDWMFC-J738DWNHL-L2465DWHL-L2475DWPT-P900WDCP-J1050DWDCP-T220DCP-J1140DWMFC-8530DNDCP-1610W
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-51981
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.70%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 07:23
Updated-26 Jun, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Server Side Request Forgery (SSRF) via WS-Eventing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control all the HTTP data sent in the SSRF connection, but the attacker can not receive any data back from this connection.

Action-Not Available
Vendor-Toshiba TecFUJIFILM Business InnovationKonica Minolta, Inc.Brother Industries, LtdRicoh Company, Ltd.
Product-HL-L3210CWDCP-L2640DWMFC-L2690DWHL-L3295CDWTD-2320DSAMFC-L3745CDWDCP-T420WHL-J6010DWHL-EX470WHL-L8245CDWDCP-J572DWMFC-J893NMFC-J4440DWMFC-L2900DWDCP-L3528CDWMFC-L2886DWHL-L2386DWDCP-J4543NPT-E850TKW (for Vietnum)MFC-L8690CDWDCP-J982N-W/BHL-1210WEDocuPrint P118 wTD-2125NDocuPrint M265 zDocuPrint M115 zMFC-L5850DWDCP-T835DWHL-L5212DNMFC-T920DWDocuPrint M268 zDocuPrint M118 zMFC-J3530DWHL-L2370DWXLDocuPrint P378 dMFC-L2715DW(for Tiwan, Koria)MFC-J939DNDCP-T436WMFC-L2835DWMFC-L2922DWMFC-L2800DWDCP-L2660DWMFC-J4535DW(XL)HL-B2080DWMFC-J5830DWMFC-L6900DWMFC-L2765DWMFC-L2700DW(ASA)DCP-T820DWPT-D800WMFC-J5335DWHL-L8260CDWHL-L6412DWDCP-L1632WMFC-L2960DWDCP-L2508DWHL-L2460DWDCP-J772DWMFC-L3755CDWMFC-T930DWPT-E550W (for US, EU)MFC-1916NWHL-L2375DWMFC-L8610CDWDCP-1617NWPT-E550W (for Tiwan, Hongkong)MFC-4340DWEDocuPrint P360 dwHL-1212WEMFC-J5930DWMFC-EX670WDCP-J4140NPT-P950NWMFC-J5800CDWDCP-L8410CDWDCP-B7600DBMFC-J815DW XLDCP-B7638DNSP 230DNwDCP-L2640DNHL-L9430CDNDCP-L2647DWTD-2350DFMFC-J2340DWDCP-J928N-WBDCP-L3560CDWHL-L3300CDWMFC-L2701DWHL-J7010CDWRJ-4250WBHL-L5215DNHL-L5102DWMFC-J7300CDWe-STUDIO302DNFHL-L6300DWTTD-2130NDCP-T435WDCP-L5650DNMFC-L6810DWPJ-773DocuPrint M375 zMFC-J2330DWMFC-1911NWMFC-L3750CDWMFC-L2760DWMFC-J4940DNPT-E550W (for Russia)PT-E800WMFC-L5710DNDCP-L1638WSP-1HL-L6310DWDocuPrint P260 dwDCP-T535DWMFC-J998DNHL-5595DNHHL-L2390DWQL-1115NWBDCP-1612WMFC-8540DNDCP-L5600DNMFC-J998DWNTD-2135NDCP-7180DNMFC-J5945DWDCP-7190DNMFC-L5702DWHL-L2371DNRJ-3150AiHL-L2365DWDocuPrint P268 dPT-E850TKW (for Tiwan)MFC-L6720DWMFC-J5955DWHL-L6250DNMFC-J1170DWMFC-J890DWMFC-L3730CDNMFC-L6902DWMFC-J5630CDWDCP-J1700DWDCP-L2531DWHL-L5050DNDCP-B7548WMFC-L9610CDNMFC-L6702DWDCP-J987N-BDCP-1618WHL-L5200DWDCP-T439WDocuPrint P268 dwHL-L5228DWMFC-9150CDNHL-L2461DNHL-L2395DWHL-L2365DWRMFC-J4540NDCP-J973N-W/BMFC-L8340CDWDCP-L2532DWRJ-2140HL-L9470CDNDCP-B7520DWMFC-J4345DW XLDCP-B7648DWHL-L3220CWEQL-810WcMFC-L3735CDNMFC-J7700CDWDCP-T825DWHL-L5100DNMFC-J898NHL-1212Wbizhub 3000MFMFC-L2750DWRDocuPrint M260 zHL-L2357DWDocuPrint P375 dwHL-B2100DBDCP-L2540DNRHL-L8360CDWTHL-L2325DWRJ-3050AiQL-1110NWBcMFC-L6820DWMFC-7890DNMFC-J1215WMFC-L5710DWMFC-L5902DWMFC-L2740DWRHL-1223WRDCP-L3555CDWDCP-T735DWMFC-J6945DWMFC-B7811DWRJ-2050HL-L6410DNMFC-L5802DWHL-B2181DWMFC-L5912DWMFC-L5715DWMFC-J2740DWMFC-J805DWMFC-L2820DWXLHL-L8230CDWMFC-L2900DWXLMFC-J6980CDWDCP-J577NHL-L6415DWTD-2320DHL-L1230WDCP-T428WMFC-J6999CDWDCP-J981NDCP-L2551DWDocuPrint M378 dSP-1 (for Japan)DCP-J582NHL-L3240CDWMFC-J3540DWDocuPrint P285 dwDocuPrint P288 dwDCP-T525WDCP-J1203NHL-L2460DNDCP-T710W(for China)DCP-J1200W(XL)MFC-J4440NHL-L6415DWTMFC-J995DWTD-4420DNZDCP-B7578DWMFC-J6930DWMFC-J904NHL-L6217DWMFC-L6800DWHL-L6202DWHL-L2460DWXLMFC-L2712DNDCP-L5602DNDCP-T725DWDocuPrint P235 dHL-2595DWHL-L2467DWHL-L2351DWMFC-L2740DWPT-E850TKW (for UAE)MFC-L2710DWRHL-5590DNMFC-J6583CDWDCP-T510WQL-1110NWBMFC-L2827DWTD-2350DSADCP-L5518DNMFC-J1800DWQL-820NWBHL-L8260CDNDCP-1612WRDocuPrint M378 dfHL-L2352DWMFC-T910DWMFC-J4443NDocuPrint P388 dwMFC-J6535DWDCP-J972NMFC-L5755DWDCP-T520WMFC-L2685DWMFC-L2730DNMFC-L2827DWXLHL-1223WERJ-3050bizhub 5020iHL-L2366DWTD-4420DNDCP-T425WDCP-J987N-WMFC-J5855DW XLMFC-J7500CDWDocuPrint M225 dwTD-2350DDCP-L2550DW(TWN)HL-L3280CDWMFC-J905NMFC-T925DWDocuPrint P275 dwMFC-L2862DWDCP-J914NMFC-L2771DWHL-L2440DWMFC-L6970DWMFC-J6995CDWMFC-L2980DWHL-L2370DWMFC-J4540DW(XL)DCP-L2535DWHL-L6210DWMFC-T4500DWMFC-L2770DWHL-L6402DWMFC-L9630CDNMFC-L5728DWDCP-L2520DWRDCP-L2551DNDCP-L2518DWHL-L2447DWMFC-J1605DNHL-1210WMFC-L2732DWDCP-L3550CDWMFC-J6957DWHL-L2420DWDCP-7189DWHL-L9410CDNDCP-L2530DWDCP-L1630WHL-L1238WMFC-L6750DWMFC-1910WEDCP-L3510CDWMFC-J995DW XLMFC-L6710DWMFC-J3930DWe-STUDIO301DNDCP-L2627DWEPT-E550W (for Vietnum)HL-L3290CDWDocuPrint M225 zDCP-L2548DWMFC-L5717DWHL-2569DWDCP-1610WRMFC-J5345DWDCP-T236HL-B2150WDCP-C1210NMFC-J5740DWMFC-L2717DWMFC-L5750DWMFC-L5900DWDCP-L2550DNMFC-L3770CDWDCP-J1800DWHL-L5210DNMFC-J6947DWHL-EX415DWHL-J6000CDWDCP-L2560DWRHL-1212WRHL-L2405WHL-L6210DWTHL-L6400DWMFC-L2751DWFAX-L2710DNDCP-L2680DWMFC-L6912DWMFC-L2720DWRHL-L5212DWDCP-J978N-W/BMFC-B7800DNMFC-L8390CDWTD-2310DDCP-L2560DWHL-B2180DWBHL-1218WMFC-7880DNHL-3190CDWMFC-1910WDocuPrint M275 zMFC-J5845DW(XL)DCP-C421WDCP-9030CDNHL-L3288CDWMFC-J5340DWMFC-J6959DWMFC-7895DWMFC-L2807DWbizhub 4020iDCP-J526NMFC-1915WHL-L2370DNHL-L1808WMFC-L8610CDW(for Japan)DCP-L2600DWHL-B2158WMFC-T935DWMFC-L9635CDNDCP-L5660DNDCP-J915NDCP-L2627DWXLDCP-T830DWDocuPrint P378 dwDCP-L2550DWMFC-L6915DN CSPMFC-L2730DWRHL-1222WEMFC-J6530DWHL-B2180DWHL-L2376DWMFC-7889DWDCP-1612WEHL-L2380DWHL-L6200DWQL-820NWBcDCP-1623WRMFC-J5340DWEbizhub 5000iMFC-J1500NDCP-L5512DNNFC-J903NHL-B2188DWbizhub 3080MFMFC-L3740CDWEDCP-J1200WEMFC-B7810DWBMFC-J5730DWMFC-J690DWHL-L2350DWMFC-L2750DWXLHL-1210WRDCP-T226MFC-L6915DNRJ-3150MFC-L5915DWHL-L6418DWDCP-L5510DWMFC-L2885DWHL-L2425DWADS-3000NTD-2350DFSAHL-L3270CDWMFC-L2730DWDCP-T710WHL-L3220CDWMFC-L2860DWDCP-T536DWDocuPrint M285 zHL-L6300DWMFC-L5800DWRJ-2150HL-L6450DWDCP-L3520CDWMFC-L2817DWDCP-J528NMFC-L2710DNDCP-L2550DNRDocuPrint P385 dwMFC-EX910DocuPrint P225 dMFC-L3740CDWDCP-L3515CDWMFC-L2820DWDCP-L1848Wbizhub 4000iMFC-L5700DNDocuPrint M288 dwDocuPrint M385 zMFC-J939DWNDCP-L5510DNHL-L6400DWTPT-P750WDCP-B7658DWDocuPrint M375 dfDCP-L2628DWM 340WMFC-L2860DWEMFC-J738DNHL-L2400DWEMFC-L2880DWDCP-L2605DWHL-L5210DWTMFC-L6950DWDCP-L2648DWDCP-J4143NMFC-L2680WHL-2590DNHL-L3220CWMFC-L3710CDWMFC-L2750DWMFC-B7720DNTD-4550DNWBMFC-T810W(for China)DCP-1610WEPT-E850TKW (for Thailand)HL-L2360DNRMFC-L2716DWPT-E550W (for Koria)HL-L6200DWTHL-L5100DNTDocuPrint P375 dDCP-L2622DWHL-L6250DWDocuPrint M115 fwHL-L5218DNMFC-L9570CDW(for Japan)HL-L2480DWMFC-L2710DWM 340FWDCP-1616NWHL-L2372DNHL-L1232WMFC-L3780CDWMFC-L2805DWMFC-L2710DNRMFC-J6935DWHL-L3228CDWDCP-L2540DWHL-L9310CDWMFC-J3940DWMFC-J6555DW XLMFC-J6580CDWHL-L8360CDWADS-3600WMFC-L8900CDWMFC-J491DWDCP-T510W(for China)MFC-J1010DWDCP-1615NWHL-B2100DMFC-L6915DWDCP-J1200NDCP-L3520CDWEHL-L2865DWMFC-L2720DNDCP-T230DCP-L2520DWMFC-L2920DWDCP-1622WEMFC-L6900DWGMFC-J895DWMFC-B7810DWMFC-L3720CDWHL-L8240CDWDCP-T430WMFC-L3760CDWHL-L2360DWMFC-L3765CDWMFC-J6997CDWFAX-L2700DNDocuPrint M115 wDCP-B7558WDCP-L2600DNFC-EX670MFC-J805DW XLDCP-B7608WPT-E850TKW (for China)DCP-7190DWMFC-L2700DNMFC-J6730DWDCP-B7640DWDCP-J774DWMFC-L2712DWMFC-1919NWDCP-L2552DNMFC-J1012DWHL-2560DNHL-L2305WHL-L2385DWMFC-L2713DWDCP-L2625DWDCP-B7530DNFAX-L2800DWMFC-L2802DNMFC-J6983CDWMFC-J739DNHL-L3230CDWMFC-J6555DWDCP-T720DWDCP-L2627DWMFC-L5718DNMFC-L5715DNDCP-J1100DWDocuPrint M235 dwHL-L6400DWGPT-E550W (for Thailand)HL-J6000DWHL-L2370DNRDCP-B7620DWBDCP-7195DWHL-L6415DNHL-L2445DWMFC-J6940DWDCP-T238HL-L3230CDNDocuPrint P265 dwHL-L5210DWDCP-B7535DWMFC-J4335DW(XL)MFC-J6740DWMFC-L9670CDNDocuPrint M118 wHL-L5215DWMFC-L2700DWRTD-4520DNMFC-1911WMFC-J926N-WBMFC-L2707DWADS-2800WMFC-EX915DWMFC-L2802DWRJ-3250WBMFC-J1300DWMFC-L2861DWDCP-1623WEMFC-T810WDCP-L2620DWMFC-L9570CDWMFC-J2730DWDCP-T225ADS-2400NDCP-7090DWMFC-J7100CDWMFC-L6700DWDCP-T730DWMFC-J1205W(XL)MFC-L3768CDWMFC-J739DWNDCP-B7628DWDCP-B7640DWBMFC-L2700DWMFC-L5700DWMFC-J6955DWMFC-L2715DWDCP-B7650DWMFC-L2703DWHL-L2340DWRDocuPrint M268 dwDCP-L3517CDWDCP-L2541DWMFC-J5855DWMFC-J497DWDocuPrint P115 wDCP-J988NMFC-J6540DWEDCP-L2540DNDCP-L2665DWPT-E850TKW (for Asia pacific, EU, US)HL-3160CDWDCP-L5662DNMFC-L9577CDWHL-L2400DWDCP-L3551CDWDocuPrint M288 zQL-810WHL-L5202DWMFC-J4340DW(XL)MFC-B7715DWDCP-T426WP 201WDCP-L5500DNSP 230SFNwMFC-J7600CDWDCP-B7600DDCP-L6600DWHL-L2340DWMFC-L2880DWXLPT-E550W (for China)MFC-J6540DWHL-JF1MFC-J5330DWPJ-883DCP-L3568CDWHL-L2375DWRDCP-L5502DNMFC-L2806DWMFC-9350CDWHL-T4000DWTD-2120NMFC-1912WRHL-L6415DN CSPPT-E850TKW (for Koria)HL-B2050DNMFC-L2705DWDCP-J587NHL-L2315DWDocuPrint M235 zTD-2320DFMFC-L6910DNMFC-L2720DWPT-P900WcDCP-J572NDCP-L2530DWRHL-5595DNHL-L5200DWTDCP-J1800NHL-L2360DNDCP-T530DWHL-J6100DWDCP-B7620DWDCP-L5652DNDCP-L5610DNHL-1211WHL-L2464DWHL-L3215CWHL-L2350DWRDCP-L2537DWMFC-L8395CDWMFC-J738DWNHL-L2465DWHL-L2475DWPT-P900WDCP-J1050DWDCP-T220DCP-J1140DWMFC-8530DNDCP-1610W
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CWE ID-CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVE-2024-4894
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.03%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 02:53
Updated-01 Aug, 2024 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ITPison OMICARD EDM - Server-Side Request Forgery

ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information.

Action-Not Available
Vendor-ITPisonitpison
Product-OMICARD EDMomicard_edm
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-25236
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 61.13%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 19:36
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsworry-free_business_securityofficescanTrend Micro OfficeScanTrend Micro Worry-Free Business Security
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-6308
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.3||MEDIUM
EPSS-84.44% / 99.28%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 13:31
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability.

Action-Not Available
Vendor-SAP SE
Product-businessobjects_business_intelligence_platformSAP BusinessObjects Business Intelligence Platform (Web Services)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found