Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-29035

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-17 Apr, 2024 | 14:20
Updated At-02 Aug, 2024 | 01:03
Rejected At-
Credits

Umbraco's Blind SSRF Leads to Port Scan by using Webhooks

Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:17 Apr, 2024 | 14:20
Updated At:02 Aug, 2024 | 01:03
Rejected At:
▼CVE Numbering Authority (CNA)
Umbraco's Blind SSRF Leads to Port Scan by using Webhooks

Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1.

Affected Products
Vendor
Umbraco A/S (Umbraco)umbraco
Product
Umbraco-CMS
Versions
Affected
  • >= 13.0.0 , <13.1.1
Problem Types
TypeCWE IDDescription
CWECWE-918CWE-918: Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-918
Description: CWE-918: Server-Side Request Forgery (SSRF)
Metrics
VersionBase scoreBase severityVector
3.14.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Version: 3.1
Base score: 4.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3
x_refsource_CONFIRM
https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0
x_refsource_MISC
Hyperlink: https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
Umbraco A/S (Umbraco)umbraco
Product
umbraco_cms
CPEs
  • cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 13.0.0 before 13.1.1 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3
x_refsource_CONFIRM
x_transferred
https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:17 Apr, 2024 | 15:15
Updated At:12 Feb, 2025 | 15:26

Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Umbraco A/S (Umbraco)
umbraco
>>umbraco_cms>>Versions from 13.0.0(inclusive) to 13.1.1(exclusive)
cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-918Secondarysecurity-advisories@github.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-918
Type: Secondary
Source: security-advisories@github.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0security-advisories@github.com
Patch
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3security-advisories@github.com
Vendor Advisory
https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0af854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3
Source: security-advisories@github.com
Resource:
Vendor Advisory
Hyperlink: https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

107Records found
CVE-2024-52602
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.10% / 28.34%
||
7 Day CHG+0.01%
Published-16 Jan, 2025 | 19:14
Updated-20 Aug, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrade. Restricting which hosts MMR is allowed to contact via (local) firewall rules or a transparent proxy and may provide a workaround for users unable to upgrade.

Action-Not Available
Vendor-t2bott2bot
Product-matrix-media-repomatrix-media-repo
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-51980
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.27%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 07:22
Updated-26 Jun, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Server Side Request Forgery (SSRF) via WS-Addressing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service (HTTP TCP port 80) SOAP request. The attacker can not control the data sent in the SSRF connection, nor can the attacker receive any data back. This SSRF is suitable for TCP port scanning of an internal network when the Web service (HTTP TCP port 80) is exposed across a network segment.

Action-Not Available
Vendor-Toshiba TecFUJIFILM Business InnovationKonica Minolta, Inc.Brother Industries, LtdRicoh Company, Ltd.
Product-HL-L3210CWDCP-L2640DWMFC-L2690DWHL-L3295CDWTD-2320DSAMFC-L3745CDWDCP-T420WHL-J6010DWHL-EX470WHL-L8245CDWDCP-J572DWMFC-J893NMFC-J4440DWMFC-L2900DWDCP-L3528CDWMFC-L2886DWHL-L2386DWDCP-J4543NPT-E850TKW (for Vietnum)Apeos 4620 SXMFC-L8690CDWDCP-J982N-W/BHL-1210WEDocuPrint P118 wTD-2125NDocuPrint M265 zDocuPrint M115 zMFC-L5850DWDCP-T835DWHL-L5212DNMFC-T920DWDocuPrint M268 zDocuPrint M118 zMFC-J3530DWHL-L2370DWXLDocuPrint P378 dMFC-L2715DW(for Tiwan, Koria)MFC-J939DNDCP-T436WMFC-L2835DWMFC-L2922DWMFC-L2800DWDCP-L2660DWMFC-J4535DW(XL)HL-B2080DWMFC-J5830DWMFC-L6900DWMFC-L2765DWMFC-L2700DW(ASA)DCP-T820DWApeos 4620 SZPT-D800WMFC-J5335DWHL-L8260CDWHL-L6412DWDCP-L1632WApeos 4620 SDFMFC-L2960DWDCP-L2508DWHL-L2460DWDCP-J772DWMFC-L3755CDWMFC-T930DWPT-E550W (for US, EU)MFC-1916NWHL-L2375DWMFC-L8610CDWDCP-1617NWPT-E550W (for Tiwan, Hongkong)MFC-4340DWEDocuPrint P360 dwHL-1212WEMFC-J5930DWMFC-EX670WDCP-J4140NPT-P950NWMFC-J5800CDWDCP-L8410CDWDCP-B7600DBMFC-J815DW XLDCP-B7638DNSP 230DNwDCP-L2640DNHL-L9430CDNDCP-L2647DWTD-2350DFMFC-J2340DWDCP-J928N-WBDCP-L3560CDWHL-L3300CDWMFC-L2701DWHL-J7010CDWRJ-4250WBHL-L5215DNHL-L5102DWMFC-J7300CDWe-STUDIO302DNFHL-L6300DWTTD-2130NDCP-T435WDCP-L5650DNMFC-L6810DWPJ-773DocuPrint M375 zMFC-J2330DWMFC-1911NWMFC-L3750CDWMFC-L2760DWMFC-J4940DNPT-E550W (for Russia)PT-E800WMFC-L5710DNDCP-L1638WSP-1HL-L6310DWDocuPrint P260 dwDCP-T535DWMFC-J998DNHL-5595DNHHL-L2390DWQL-1115NWBDCP-1612WMFC-8540DNDCP-L5600DNMFC-J998DWNTD-2135NDCP-7180DNMFC-J5945DWDCP-7190DNMFC-L5702DWHL-L2371DNRJ-3150AiHL-L2365DWDocuPrint P268 dPT-E850TKW (for Tiwan)MFC-L6720DWMFC-J5955DWHL-L6250DNMFC-J1170DWMFC-J890DWMFC-L3730CDNMFC-L6902DWMFC-J5630CDWDCP-J1700DWDCP-L2531DWHL-L5050DNDCP-B7548WMFC-L9610CDNMFC-L6702DWDCP-J987N-BDCP-1618WHL-L5200DWDCP-T439WDocuPrint P268 dwHL-L5228DWMFC-9150CDNHL-L2461DNHL-L2395DWHL-L2365DWRMFC-J4540NDCP-J973N-W/BMFC-L8340CDWDCP-L2532DWRJ-2140HL-L9470CDNDCP-B7520DWMFC-J4345DW XLDCP-B7648DWHL-L3220CWEQL-810WcMFC-L3735CDNMFC-J7700CDWDCP-T825DWHL-L5100DNMFC-J898NHL-1212Wbizhub 3000MFMFC-L2750DWRDocuPrint M260 zHL-L2357DWDocuPrint P375 dwHL-B2100DBDCP-L2540DNRHL-L8360CDWTHL-L2325DWRJ-3050AiQL-1110NWBcMFC-L6820DWMFC-7890DNMFC-J1215WMFC-L5710DWMFC-L5902DWMFC-L2740DWRHL-1223WRDCP-L3555CDWDCP-T735DWMFC-J6945DWMFC-B7811DWRJ-2050HL-L6410DNMFC-L5802DWHL-B2181DWMFC-L5912DWMFC-L5715DWMFC-J2740DWMFC-J805DWMFC-L2820DWXLHL-L8230CDWMFC-L2900DWXLMFC-J6980CDWDCP-J577NHL-L6415DWTD-2320DHL-L1230WDCP-T428WMFC-J6999CDWDCP-J981NDCP-L2551DWDocuPrint M378 dSP-1 (for Japan)DCP-J582NHL-L3240CDWMFC-J3540DWDocuPrint P285 dwDocuPrint P288 dwDCP-T525WDCP-J1203NHL-L2460DNDCP-T710W(for China)DCP-J1200W(XL)MFC-J4440NHL-L6415DWTMFC-J995DWTD-4420DNZDCP-B7578DWMFC-J6930DWMFC-J904NHL-L6217DWMFC-L6800DWHL-L6202DWHL-L2460DWXLMFC-L2712DNDCP-L5602DNDCP-T725DWDocuPrint P235 dHL-2595DWHL-L2467DWHL-L2351DWMFC-L2740DWPT-E850TKW (for UAE)MFC-L2710DWRHL-5590DNMFC-J6583CDWDCP-T510WQL-1110NWBMFC-L2827DWTD-2350DSADCP-L5518DNMFC-J1800DWQL-820NWBHL-L8260CDNDCP-1612WRDocuPrint M378 dfHL-L2352DWMFC-T910DWMFC-J4443NDocuPrint P388 dwMFC-J6535DWDCP-J972NMFC-L5755DWDCP-T520WMFC-L2685DWMFC-L2730DNMFC-L2827DWXLHL-1223WERJ-3050bizhub 5020iHL-L2366DWTD-4420DNDCP-T425WDCP-J987N-WMFC-J5855DW XLMFC-J7500CDWDocuPrint M225 dwTD-2350DDCP-L2550DW(TWN)HL-L3280CDWMFC-J905NMFC-T925DWDocuPrint P275 dwMFC-L2862DWDCP-J914NMFC-L2771DWHL-L2440DWMFC-L6970DWMFC-J6995CDWMFC-L2980DWHL-L2370DWMFC-J4540DW(XL)DCP-L2535DWHL-L6210DWMFC-T4500DWMFC-L2770DWHL-L6402DWMFC-L9630CDNMFC-L5728DWDCP-L2520DWRDCP-L2551DNDCP-L2518DWHL-L2447DWMFC-J1605DNHL-1210WMFC-L2732DWDCP-L3550CDWMFC-J6957DWHL-L2420DWDCP-7189DWHL-L9410CDNDCP-L2530DWDCP-L1630WHL-L1238WMFC-L6750DWMFC-1910WEDCP-L3510CDWMFC-J995DW XLMFC-L6710DWMFC-J3930DWe-STUDIO301DNDCP-L2627DWEPT-E550W (for Vietnum)HL-L3290CDWDocuPrint M225 zDCP-L2548DWMFC-L5717DWHL-2569DWDCP-1610WRMFC-J5345DWDCP-T236HL-B2150WDCP-C1210NMFC-J5740DWMFC-L2717DWMFC-L5750DWMFC-L5900DWDCP-L2550DNMFC-L3770CDWDCP-J1800DWHL-L5210DNMFC-J6947DWHL-EX415DWHL-J6000CDWDCP-L2560DWRHL-1212WRHL-L2405WHL-L6210DWTHL-L6400DWMFC-L2751DWFAX-L2710DNDCP-L2680DWMFC-L6912DWMFC-L2720DWRHL-L5212DWDCP-J978N-W/BMFC-B7800DNMFC-L8390CDWTD-2310DDCP-L2560DWHL-B2180DWBHL-1218WMFC-7880DNHL-3190CDWMFC-1910WDocuPrint M275 zMFC-J5845DW(XL)DCP-C421WDCP-9030CDNHL-L3288CDWMFC-J5340DWMFC-J6959DWMFC-7895DWApeosPrint 4620 SDWMFC-L2807DWbizhub 4020iDCP-J526NMFC-1915WHL-L2370DNHL-L1808WMFC-L8610CDW(for Japan)DCP-L2600DWHL-B2158WMFC-T935DWMFC-L9635CDNDCP-L5660DNDCP-J915NDCP-L2627DWXLDCP-T830DWDocuPrint P378 dwDCP-L2550DWMFC-L6915DN CSPMFC-L2730DWRHL-1222WEMFC-J6530DWHL-B2180DWHL-L2376DWMFC-7889DWDCP-1612WEHL-L2380DWHL-L6200DWQL-820NWBcDCP-1623WRMFC-J5340DWEbizhub 5000iMFC-J1500NDCP-L5512DNNFC-J903NHL-B2188DWbizhub 3080MFMFC-L3740CDWEDCP-J1200WEMFC-B7810DWBMFC-J5730DWMFC-J690DWHL-L2350DWMFC-L2750DWXLHL-1210WRDCP-T226MFC-L6915DNRJ-3150MFC-L5915DWHL-L6418DWDCP-L5510DWMFC-L2885DWHL-L2425DWADS-3000NTD-2350DFSAHL-L3270CDWMFC-L2730DWDCP-T710WHL-L3220CDWMFC-L2860DWDCP-T536DWDocuPrint M285 zHL-L6300DWMFC-L5800DWRJ-2150HL-L6450DWDCP-L3520CDWMFC-L2817DWDCP-J528NMFC-L2710DNDCP-L2550DNRDocuPrint P385 dwMFC-EX910DocuPrint P225 dMFC-L3740CDWDCP-L3515CDWMFC-L2820DWDCP-L1848Wbizhub 4000iMFC-L5700DNDocuPrint M288 dwDocuPrint M385 zMFC-J939DWNDCP-L5510DNHL-L6400DWTPT-P750WDCP-B7658DWDocuPrint M375 dfDCP-L2628DWM 340WMFC-L2860DWEMFC-J738DNHL-L2400DWEMFC-L2880DWDCP-L2605DWHL-L5210DWTMFC-L6950DWDCP-L2648DWDCP-J4143NMFC-L2680WHL-2590DNHL-L3220CWMFC-L3710CDWMFC-L2750DWMFC-B7720DNTD-4550DNWBMFC-T810W(for China)DCP-1610WEPT-E850TKW (for Thailand)HL-L2360DNRMFC-L2716DWPT-E550W (for Koria)HL-L6200DWTHL-L5100DNTDocuPrint P375 dDCP-L2622DWHL-L6250DWDocuPrint M115 fwHL-L5218DNMFC-L9570CDW(for Japan)HL-L2480DWMFC-L2710DWM 340FWDCP-1616NWHL-L2372DNHL-L1232WMFC-L3780CDWMFC-L2805DWMFC-L2710DNRMFC-J6935DWHL-L3228CDWDCP-L2540DWHL-L9310CDWMFC-J3940DWMFC-J6555DW XLMFC-J6580CDWHL-L8360CDWADS-3600WMFC-L8900CDWMFC-J491DWDCP-T510W(for China)MFC-J1010DWDCP-1615NWHL-B2100DMFC-L6915DWDCP-J1200NDCP-L3520CDWEHL-L2865DWMFC-L2720DNDCP-T230DCP-L2520DWMFC-L2920DWDCP-1622WEMFC-L6900DWGMFC-J895DWMFC-B7810DWMFC-L3720CDWHL-L8240CDWDCP-T430WMFC-L3760CDWHL-L2360DWMFC-L3765CDWMFC-J6997CDWFAX-L2700DNDocuPrint M115 wDCP-B7558WDCP-L2600DNFC-EX670MFC-J805DW XLDCP-B7608WPT-E850TKW (for China)DCP-7190DWMFC-L2700DNMFC-J6730DWDCP-B7640DWDCP-J774DWMFC-L2712DWMFC-1919NWDCP-L2552DNMFC-J1012DWHL-2560DNHL-L2305WHL-L2385DWMFC-L2713DWDCP-L2625DWDCP-B7530DNFAX-L2800DWMFC-L2802DNMFC-J6983CDWMFC-J739DNHL-L3230CDWMFC-J6555DWDCP-T720DWDCP-L2627DWMFC-L5718DNMFC-L5715DNDCP-J1100DWDocuPrint M235 dwHL-L6400DWGApeosPrint 4620 SDN (For Asia-Pacific)PT-E550W (for Thailand)HL-J6000DWHL-L2370DNRDCP-B7620DWBDCP-7195DWHL-L6415DNHL-L2445DWMFC-J6940DWDCP-T238HL-L3230CDNDocuPrint P265 dwHL-L5210DWDCP-B7535DWMFC-J4335DW(XL)MFC-J6740DWMFC-L9670CDNDocuPrint M118 wHL-L5215DWMFC-L2700DWRTD-4520DNMFC-1911WMFC-J926N-WBMFC-L2707DWADS-2800WMFC-EX915DWMFC-L2802DWRJ-3250WBMFC-J1300DWMFC-L2861DWDCP-1623WEMFC-T810WDCP-L2620DWMFC-L9570CDWMFC-J2730DWDCP-T225ADS-2400NDCP-7090DWMFC-J7100CDWMFC-L6700DWDCP-T730DWMFC-J1205W(XL)MFC-L3768CDWMFC-J739DWNDCP-B7628DWDCP-B7640DWBMFC-L2700DWMFC-L5700DWMFC-J6955DWMFC-L2715DWDCP-B7650DWMFC-L2703DWHL-L2340DWRDocuPrint M268 dwDCP-L3517CDWDCP-L2541DWMFC-J5855DWMFC-J497DWDocuPrint P115 wDCP-J988NMFC-J6540DWEDCP-L2540DNDCP-L2665DWPT-E850TKW (for Asia pacific, EU, US)HL-3160CDWDCP-L5662DNMFC-L9577CDWHL-L2400DWDCP-L3551CDWDocuPrint M288 zQL-810WHL-L5202DWMFC-J4340DW(XL)MFC-B7715DWDCP-T426WP 201WDCP-L5500DNSP 230SFNwMFC-J7600CDWDCP-B7600DDCP-L6600DWHL-L2340DWMFC-L2880DWXLPT-E550W (for China)ApeosPrint 4620 SDN (For China)MFC-J6540DWHL-JF1MFC-J5330DWPJ-883DCP-L3568CDWHL-L2375DWRDCP-L5502DNMFC-L2806DWMFC-9350CDWHL-T4000DWTD-2120NMFC-1912WRHL-L6415DN CSPPT-E850TKW (for Koria)HL-B2050DNMFC-L2705DWDCP-J587NHL-L2315DWDocuPrint M235 zTD-2320DFMFC-L6910DNMFC-L2720DWPT-P900WcDCP-J572NDCP-L2530DWRHL-5595DNHL-L5200DWTDCP-J1800NHL-L2360DNDCP-T530DWHL-J6100DWDCP-B7620DWDCP-L5652DNDCP-L5610DNHL-1211WHL-L2464DWHL-L3215CWHL-L2350DWRDCP-L2537DWMFC-L8395CDWMFC-J738DWNHL-L2465DWHL-L2475DWPT-P900WDCP-J1050DWDCP-T220DCP-J1140DWMFC-8530DNDCP-1610W
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-51981
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.68%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 07:23
Updated-26 Jun, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Server Side Request Forgery (SSRF) via WS-Eventing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control all the HTTP data sent in the SSRF connection, but the attacker can not receive any data back from this connection.

Action-Not Available
Vendor-Toshiba TecFUJIFILM Business InnovationKonica Minolta, Inc.Brother Industries, LtdRicoh Company, Ltd.
Product-HL-L3210CWDCP-L2640DWMFC-L2690DWHL-L3295CDWTD-2320DSAMFC-L3745CDWDCP-T420WHL-J6010DWHL-EX470WHL-L8245CDWDCP-J572DWMFC-J893NMFC-J4440DWMFC-L2900DWDCP-L3528CDWMFC-L2886DWHL-L2386DWDCP-J4543NPT-E850TKW (for Vietnum)MFC-L8690CDWDCP-J982N-W/BHL-1210WEDocuPrint P118 wTD-2125NDocuPrint M265 zDocuPrint M115 zMFC-L5850DWDCP-T835DWHL-L5212DNMFC-T920DWDocuPrint M268 zDocuPrint M118 zMFC-J3530DWHL-L2370DWXLDocuPrint P378 dMFC-L2715DW(for Tiwan, Koria)MFC-J939DNDCP-T436WMFC-L2835DWMFC-L2922DWMFC-L2800DWDCP-L2660DWMFC-J4535DW(XL)HL-B2080DWMFC-J5830DWMFC-L6900DWMFC-L2765DWMFC-L2700DW(ASA)DCP-T820DWPT-D800WMFC-J5335DWHL-L8260CDWHL-L6412DWDCP-L1632WMFC-L2960DWDCP-L2508DWHL-L2460DWDCP-J772DWMFC-L3755CDWMFC-T930DWPT-E550W (for US, EU)MFC-1916NWHL-L2375DWMFC-L8610CDWDCP-1617NWPT-E550W (for Tiwan, Hongkong)MFC-4340DWEDocuPrint P360 dwHL-1212WEMFC-J5930DWMFC-EX670WDCP-J4140NPT-P950NWMFC-J5800CDWDCP-L8410CDWDCP-B7600DBMFC-J815DW XLDCP-B7638DNSP 230DNwDCP-L2640DNHL-L9430CDNDCP-L2647DWTD-2350DFMFC-J2340DWDCP-J928N-WBDCP-L3560CDWHL-L3300CDWMFC-L2701DWHL-J7010CDWRJ-4250WBHL-L5215DNHL-L5102DWMFC-J7300CDWe-STUDIO302DNFHL-L6300DWTTD-2130NDCP-T435WDCP-L5650DNMFC-L6810DWPJ-773DocuPrint M375 zMFC-J2330DWMFC-1911NWMFC-L3750CDWMFC-L2760DWMFC-J4940DNPT-E550W (for Russia)PT-E800WMFC-L5710DNDCP-L1638WSP-1HL-L6310DWDocuPrint P260 dwDCP-T535DWMFC-J998DNHL-5595DNHHL-L2390DWQL-1115NWBDCP-1612WMFC-8540DNDCP-L5600DNMFC-J998DWNTD-2135NDCP-7180DNMFC-J5945DWDCP-7190DNMFC-L5702DWHL-L2371DNRJ-3150AiHL-L2365DWDocuPrint P268 dPT-E850TKW (for Tiwan)MFC-L6720DWMFC-J5955DWHL-L6250DNMFC-J1170DWMFC-J890DWMFC-L3730CDNMFC-L6902DWMFC-J5630CDWDCP-J1700DWDCP-L2531DWHL-L5050DNDCP-B7548WMFC-L9610CDNMFC-L6702DWDCP-J987N-BDCP-1618WHL-L5200DWDCP-T439WDocuPrint P268 dwHL-L5228DWMFC-9150CDNHL-L2461DNHL-L2395DWHL-L2365DWRMFC-J4540NDCP-J973N-W/BMFC-L8340CDWDCP-L2532DWRJ-2140HL-L9470CDNDCP-B7520DWMFC-J4345DW XLDCP-B7648DWHL-L3220CWEQL-810WcMFC-L3735CDNMFC-J7700CDWDCP-T825DWHL-L5100DNMFC-J898NHL-1212Wbizhub 3000MFMFC-L2750DWRDocuPrint M260 zHL-L2357DWDocuPrint P375 dwHL-B2100DBDCP-L2540DNRHL-L8360CDWTHL-L2325DWRJ-3050AiQL-1110NWBcMFC-L6820DWMFC-7890DNMFC-J1215WMFC-L5710DWMFC-L5902DWMFC-L2740DWRHL-1223WRDCP-L3555CDWDCP-T735DWMFC-J6945DWMFC-B7811DWRJ-2050HL-L6410DNMFC-L5802DWHL-B2181DWMFC-L5912DWMFC-L5715DWMFC-J2740DWMFC-J805DWMFC-L2820DWXLHL-L8230CDWMFC-L2900DWXLMFC-J6980CDWDCP-J577NHL-L6415DWTD-2320DHL-L1230WDCP-T428WMFC-J6999CDWDCP-J981NDCP-L2551DWDocuPrint M378 dSP-1 (for Japan)DCP-J582NHL-L3240CDWMFC-J3540DWDocuPrint P285 dwDocuPrint P288 dwDCP-T525WDCP-J1203NHL-L2460DNDCP-T710W(for China)DCP-J1200W(XL)MFC-J4440NHL-L6415DWTMFC-J995DWTD-4420DNZDCP-B7578DWMFC-J6930DWMFC-J904NHL-L6217DWMFC-L6800DWHL-L6202DWHL-L2460DWXLMFC-L2712DNDCP-L5602DNDCP-T725DWDocuPrint P235 dHL-2595DWHL-L2467DWHL-L2351DWMFC-L2740DWPT-E850TKW (for UAE)MFC-L2710DWRHL-5590DNMFC-J6583CDWDCP-T510WQL-1110NWBMFC-L2827DWTD-2350DSADCP-L5518DNMFC-J1800DWQL-820NWBHL-L8260CDNDCP-1612WRDocuPrint M378 dfHL-L2352DWMFC-T910DWMFC-J4443NDocuPrint P388 dwMFC-J6535DWDCP-J972NMFC-L5755DWDCP-T520WMFC-L2685DWMFC-L2730DNMFC-L2827DWXLHL-1223WERJ-3050bizhub 5020iHL-L2366DWTD-4420DNDCP-T425WDCP-J987N-WMFC-J5855DW XLMFC-J7500CDWDocuPrint M225 dwTD-2350DDCP-L2550DW(TWN)HL-L3280CDWMFC-J905NMFC-T925DWDocuPrint P275 dwMFC-L2862DWDCP-J914NMFC-L2771DWHL-L2440DWMFC-L6970DWMFC-J6995CDWMFC-L2980DWHL-L2370DWMFC-J4540DW(XL)DCP-L2535DWHL-L6210DWMFC-T4500DWMFC-L2770DWHL-L6402DWMFC-L9630CDNMFC-L5728DWDCP-L2520DWRDCP-L2551DNDCP-L2518DWHL-L2447DWMFC-J1605DNHL-1210WMFC-L2732DWDCP-L3550CDWMFC-J6957DWHL-L2420DWDCP-7189DWHL-L9410CDNDCP-L2530DWDCP-L1630WHL-L1238WMFC-L6750DWMFC-1910WEDCP-L3510CDWMFC-J995DW XLMFC-L6710DWMFC-J3930DWe-STUDIO301DNDCP-L2627DWEPT-E550W (for Vietnum)HL-L3290CDWDocuPrint M225 zDCP-L2548DWMFC-L5717DWHL-2569DWDCP-1610WRMFC-J5345DWDCP-T236HL-B2150WDCP-C1210NMFC-J5740DWMFC-L2717DWMFC-L5750DWMFC-L5900DWDCP-L2550DNMFC-L3770CDWDCP-J1800DWHL-L5210DNMFC-J6947DWHL-EX415DWHL-J6000CDWDCP-L2560DWRHL-1212WRHL-L2405WHL-L6210DWTHL-L6400DWMFC-L2751DWFAX-L2710DNDCP-L2680DWMFC-L6912DWMFC-L2720DWRHL-L5212DWDCP-J978N-W/BMFC-B7800DNMFC-L8390CDWTD-2310DDCP-L2560DWHL-B2180DWBHL-1218WMFC-7880DNHL-3190CDWMFC-1910WDocuPrint M275 zMFC-J5845DW(XL)DCP-C421WDCP-9030CDNHL-L3288CDWMFC-J5340DWMFC-J6959DWMFC-7895DWMFC-L2807DWbizhub 4020iDCP-J526NMFC-1915WHL-L2370DNHL-L1808WMFC-L8610CDW(for Japan)DCP-L2600DWHL-B2158WMFC-T935DWMFC-L9635CDNDCP-L5660DNDCP-J915NDCP-L2627DWXLDCP-T830DWDocuPrint P378 dwDCP-L2550DWMFC-L6915DN CSPMFC-L2730DWRHL-1222WEMFC-J6530DWHL-B2180DWHL-L2376DWMFC-7889DWDCP-1612WEHL-L2380DWHL-L6200DWQL-820NWBcDCP-1623WRMFC-J5340DWEbizhub 5000iMFC-J1500NDCP-L5512DNNFC-J903NHL-B2188DWbizhub 3080MFMFC-L3740CDWEDCP-J1200WEMFC-B7810DWBMFC-J5730DWMFC-J690DWHL-L2350DWMFC-L2750DWXLHL-1210WRDCP-T226MFC-L6915DNRJ-3150MFC-L5915DWHL-L6418DWDCP-L5510DWMFC-L2885DWHL-L2425DWADS-3000NTD-2350DFSAHL-L3270CDWMFC-L2730DWDCP-T710WHL-L3220CDWMFC-L2860DWDCP-T536DWDocuPrint M285 zHL-L6300DWMFC-L5800DWRJ-2150HL-L6450DWDCP-L3520CDWMFC-L2817DWDCP-J528NMFC-L2710DNDCP-L2550DNRDocuPrint P385 dwMFC-EX910DocuPrint P225 dMFC-L3740CDWDCP-L3515CDWMFC-L2820DWDCP-L1848Wbizhub 4000iMFC-L5700DNDocuPrint M288 dwDocuPrint M385 zMFC-J939DWNDCP-L5510DNHL-L6400DWTPT-P750WDCP-B7658DWDocuPrint M375 dfDCP-L2628DWM 340WMFC-L2860DWEMFC-J738DNHL-L2400DWEMFC-L2880DWDCP-L2605DWHL-L5210DWTMFC-L6950DWDCP-L2648DWDCP-J4143NMFC-L2680WHL-2590DNHL-L3220CWMFC-L3710CDWMFC-L2750DWMFC-B7720DNTD-4550DNWBMFC-T810W(for China)DCP-1610WEPT-E850TKW (for Thailand)HL-L2360DNRMFC-L2716DWPT-E550W (for Koria)HL-L6200DWTHL-L5100DNTDocuPrint P375 dDCP-L2622DWHL-L6250DWDocuPrint M115 fwHL-L5218DNMFC-L9570CDW(for Japan)HL-L2480DWMFC-L2710DWM 340FWDCP-1616NWHL-L2372DNHL-L1232WMFC-L3780CDWMFC-L2805DWMFC-L2710DNRMFC-J6935DWHL-L3228CDWDCP-L2540DWHL-L9310CDWMFC-J3940DWMFC-J6555DW XLMFC-J6580CDWHL-L8360CDWADS-3600WMFC-L8900CDWMFC-J491DWDCP-T510W(for China)MFC-J1010DWDCP-1615NWHL-B2100DMFC-L6915DWDCP-J1200NDCP-L3520CDWEHL-L2865DWMFC-L2720DNDCP-T230DCP-L2520DWMFC-L2920DWDCP-1622WEMFC-L6900DWGMFC-J895DWMFC-B7810DWMFC-L3720CDWHL-L8240CDWDCP-T430WMFC-L3760CDWHL-L2360DWMFC-L3765CDWMFC-J6997CDWFAX-L2700DNDocuPrint M115 wDCP-B7558WDCP-L2600DNFC-EX670MFC-J805DW XLDCP-B7608WPT-E850TKW (for China)DCP-7190DWMFC-L2700DNMFC-J6730DWDCP-B7640DWDCP-J774DWMFC-L2712DWMFC-1919NWDCP-L2552DNMFC-J1012DWHL-2560DNHL-L2305WHL-L2385DWMFC-L2713DWDCP-L2625DWDCP-B7530DNFAX-L2800DWMFC-L2802DNMFC-J6983CDWMFC-J739DNHL-L3230CDWMFC-J6555DWDCP-T720DWDCP-L2627DWMFC-L5718DNMFC-L5715DNDCP-J1100DWDocuPrint M235 dwHL-L6400DWGPT-E550W (for Thailand)HL-J6000DWHL-L2370DNRDCP-B7620DWBDCP-7195DWHL-L6415DNHL-L2445DWMFC-J6940DWDCP-T238HL-L3230CDNDocuPrint P265 dwHL-L5210DWDCP-B7535DWMFC-J4335DW(XL)MFC-J6740DWMFC-L9670CDNDocuPrint M118 wHL-L5215DWMFC-L2700DWRTD-4520DNMFC-1911WMFC-J926N-WBMFC-L2707DWADS-2800WMFC-EX915DWMFC-L2802DWRJ-3250WBMFC-J1300DWMFC-L2861DWDCP-1623WEMFC-T810WDCP-L2620DWMFC-L9570CDWMFC-J2730DWDCP-T225ADS-2400NDCP-7090DWMFC-J7100CDWMFC-L6700DWDCP-T730DWMFC-J1205W(XL)MFC-L3768CDWMFC-J739DWNDCP-B7628DWDCP-B7640DWBMFC-L2700DWMFC-L5700DWMFC-J6955DWMFC-L2715DWDCP-B7650DWMFC-L2703DWHL-L2340DWRDocuPrint M268 dwDCP-L3517CDWDCP-L2541DWMFC-J5855DWMFC-J497DWDocuPrint P115 wDCP-J988NMFC-J6540DWEDCP-L2540DNDCP-L2665DWPT-E850TKW (for Asia pacific, EU, US)HL-3160CDWDCP-L5662DNMFC-L9577CDWHL-L2400DWDCP-L3551CDWDocuPrint M288 zQL-810WHL-L5202DWMFC-J4340DW(XL)MFC-B7715DWDCP-T426WP 201WDCP-L5500DNSP 230SFNwMFC-J7600CDWDCP-B7600DDCP-L6600DWHL-L2340DWMFC-L2880DWXLPT-E550W (for China)MFC-J6540DWHL-JF1MFC-J5330DWPJ-883DCP-L3568CDWHL-L2375DWRDCP-L5502DNMFC-L2806DWMFC-9350CDWHL-T4000DWTD-2120NMFC-1912WRHL-L6415DN CSPPT-E850TKW (for Koria)HL-B2050DNMFC-L2705DWDCP-J587NHL-L2315DWDocuPrint M235 zTD-2320DFMFC-L6910DNMFC-L2720DWPT-P900WcDCP-J572NDCP-L2530DWRHL-5595DNHL-L5200DWTDCP-J1800NHL-L2360DNDCP-T530DWHL-J6100DWDCP-B7620DWDCP-L5652DNDCP-L5610DNHL-1211WHL-L2464DWHL-L3215CWHL-L2350DWRDCP-L2537DWMFC-L8395CDWMFC-J738DWNHL-L2465DWHL-L2475DWPT-P900WDCP-J1050DWDCP-T220DCP-J1140DWMFC-8530DNDCP-1610W
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CWE ID-CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVE-2024-49822
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.04% / 8.68%
||
7 Day CHG+0.01%
Published-18 Mar, 2025 | 14:19
Updated-14 Aug, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar Advisor server-side request forgery

IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_advisorQRadar Advisor with Watson
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-4894
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.01%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 02:53
Updated-01 Aug, 2024 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ITPison OMICARD EDM - Server-Side Request Forgery

ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information.

Action-Not Available
Vendor-ITPisonitpison
Product-OMICARD EDMomicard_edm
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-25236
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 61.13%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 19:36
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsworry-free_business_securityofficescanTrend Micro OfficeScanTrend Micro Worry-Free Business Security
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-6308
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.3||MEDIUM
EPSS-84.44% / 99.28%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 13:31
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability.

Action-Not Available
Vendor-SAP SE
Product-businessobjects_business_intelligence_platformSAP BusinessObjects Business Intelligence Platform (Web Services)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found