Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-1561

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-25 Mar, 2026 | 20:10
Updated At-26 Mar, 2026 | 15:37
Rejected At-
Credits

IBM WebSphere Application Server Liberty Server-Side Request Forgery

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:25 Mar, 2026 | 20:10
Updated At:26 Mar, 2026 | 15:37
Rejected At:
▼CVE Numbering Authority (CNA)
IBM WebSphere Application Server Liberty Server-Side Request Forgery

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Affected Products
Vendor
IBM CorporationIBM
Product
WebSphere Application Server Liberty
CPEs
  • cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:26.0.0.3:*:*:*:liberty:*:*:*
Versions
Affected
  • From 17.0.0.3 through 26.0.0.3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-918CWE-918 Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-918
Description: CWE-918 Server-Side Request Forgery (SSRF)
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Remediation/Fixes IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH70017 . To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to How to determine if Liberty is using a specific feature . For IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.3 using the samlWeb-2.0 feature: · Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH70017 --OR-- · Apply Liberty Fix Pack 26.0.0.4 or later (targeted availability 2Q2026). Additional interim fixes may be available and linked off the interim fix download page.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7267347
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7267347
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:25 Mar, 2026 | 21:16
Updated At:30 Mar, 2026 | 16:58

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CPE Matches
IBM Corporation
ibm
>>websphere_application_server>>Versions from 17.0.0.3(inclusive) to 26.0.0.4(exclusive)
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*
Apple Inc.
apple
>>macos>>-
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>aix>>-
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>i>>-
cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>z\/os>>-
cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-918Primarypsirt@us.ibm.com
CWE ID: CWE-918
Type: Primary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7267347psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7267347
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

223Records found
CVE-2020-4787
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.04% / 11.77%
||
7 Day CHG~0.00%
Published-27 Jan, 2021 | 16:35
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4529
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.3||HIGH
EPSS-0.15% / 35.26%
||
7 Day CHG+0.04%
Published-08 Jun, 2020 | 12:55
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_asset_managementMaximo Asset Management
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-26138
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.6||HIGH
EPSS-0.10% / 27.11%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 21:06
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Purview Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-purviewMicrosoft Purview
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-26121
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.39%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 17:05
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure IOT Explorer Spoofing Vulnerability

Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_iot_explorerAzure IoT Explorer
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-26120
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 24.80%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 21:06
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Bing Tampering Vulnerability

Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-bingMicrosoft Bing
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-31776
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 32.81%
||
7 Day CHG~0.00%
Published-31 Jul, 2022 | 16:07
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 228433.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateway
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-26150
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.6||HIGH
EPSS-0.09% / 25.15%
||
7 Day CHG+0.01%
Published-23 Apr, 2026 | 21:37
Updated-30 Apr, 2026 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Purview eDiscovery Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-purview_ediscoveryMicrosoft Purview eDiscovery
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-26139
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.6||HIGH
EPSS-0.10% / 26.35%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 21:06
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Purview Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-purviewMicrosoft Purview
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-35712
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 54.30%
||
7 Day CHG~0.00%
Published-25 Dec, 2020 | 23:46
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.

Action-Not Available
Vendor-n/aEnvironmental Systems Research Institute, Inc. ("Esri")Microsoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kernelarcgis_servern/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-49822
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.09% / 25.74%
||
7 Day CHG~0.00%
Published-18 Mar, 2025 | 14:19
Updated-01 Sep, 2025 | 01:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar Advisor server-side request forgery

IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_advisorQRadar Advisor with Watson
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-26118
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.46%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 17:05
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure MCP Server Tools Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_mcp_serverAzure MCP Server Tools 1.0.0 (NuGet)Azure MCP Server Tools 2.0.0 (npm)Azure MCP Server Tools 2.0.0 (PyPi)Azure MCP Server Tools 1.0.0 (npm)Azure MCP Server Tools 2.0.0 (NuGet)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-26137
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.04% / 10.97%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 21:06
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_copilot_chatMicrosoft Exchange Online
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-27018
Matching Score-6
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-6
Assigner-Trend Micro, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 33.12%
||
7 Day CHG~0.00%
Published-09 Nov, 2020 | 23:10
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsinterscan_messaging_security_virtual_applianceTrend Micro InterScan Messaging Security Virtual Appliance (IMSVA)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-21512
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 28.13%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-10 Apr, 2026 | 13:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure DevOps Server Cross-Site Scripting Vulnerability

Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_devops_serverAzure DevOps Server 2022
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-12832
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 6.64%
||
7 Day CHG-0.03%
Published-08 Dec, 2025 | 21:46
Updated-10 Dec, 2025 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server Server-Side Request Forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-1343
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.04% / 11.93%
||
7 Day CHG-0.01%
Published-08 Apr, 2026 | 00:10
Updated-09 Apr, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are protected by the Reverse Proxy.

Action-Not Available
Vendor-IBM Corporation
Product-verify_identity_access_containerverify_identity_accesssecurity_verify_access_containersecurity_verify_accessVerify Identity AccessSecurity Verify Access ContainerSecurity Verify AccessVerify Identity Access Container
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-41763
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-16.50% / 94.92%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-28 Oct, 2025 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-31||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Skype for Business Elevation of Privilege Vulnerability

Skype for Business Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-skype_for_business_serverSkype for Business Server 2019 CU7Skype for Business Server 2015 CU13Skype for Business
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-43394
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.44%
||
7 Day CHG+0.09%
Published-10 Jul, 2025 | 16:56
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: SSRF on Windows due to UNC paths

Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via  mod_rewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note:  The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. The server offers limited protection against administrators directing the server to open UNC paths. Windows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication.

Action-Not Available
Vendor-The Apache Software FoundationMicrosoft Corporation
Product-http_serverwindowsApache HTTP Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-32186
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.06% / 18.82%
||
7 Day CHG+0.01%
Published-03 Apr, 2026 | 17:22
Updated-30 Apr, 2026 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Bing Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-bingMicrosoft Bing
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-40898
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9.1||CRITICAL
EPSS-0.73% / 72.85%
||
7 Day CHG+0.19%
Published-18 Jul, 2024 | 09:32
Updated-13 Sep, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows

SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. 

Action-Not Available
Vendor-The Apache Software FoundationMicrosoft Corporation
Product-http_serverwindowsApache HTTP Serverapache_http_server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-64663
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.08% / 24.14%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 22:02
Updated-16 Apr, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Custom Question Answering Elevation of Privilege Vulnerability

Custom Question Answering Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_languageAzure Cognitive Service for Language
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2010-1637
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 67.04%
||
7 Day CHG~0.00%
Published-22 Jun, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.

Action-Not Available
Vendor-n/aApple Inc.Red Hat, Inc.SquirrelMailFedora Project
Product-enterprise_linux_serverenterprise_linux_workstationmac_os_xenterprise_linux_desktopfedorasquirrelmailmac_os_x_servern/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-38109
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.1||CRITICAL
EPSS-3.94% / 88.38%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Health Bot Elevation of Privilege Vulnerability

An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_health_botAzure Health Bot
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-55910
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.21%
||
7 Day CHG~0.00%
Published-02 May, 2025 | 00:39
Updated-28 Aug, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Concert Software server-side request forgery

IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-concertlinux_kernelConcert Software
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-33864
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.64%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 13:30
Updated-28 Apr, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript.

Action-Not Available
Vendor-linqin/alinqiMicrosoft Corporation
Product-linqiwindowsn/alinqi
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-62207
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.6||HIGH
EPSS-0.12% / 29.76%
||
7 Day CHG+0.02%
Published-20 Nov, 2025 | 22:18
Updated-26 Feb, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Monitor Elevation of Privilege Vulnerability

Azure Monitor Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_monitorAzure Monitor Control Service
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-30444
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.19% / 40.85%
||
7 Day CHG-0.05%
Published-27 Apr, 2023 | 12:52
Updated-30 Jan, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Watson Machine Learning on Cloud Pak for Data server-side request forgery

IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350.

Action-Not Available
Vendor-IBM Corporation
Product-watson_machine_learning_on_cloud_pak_for_dataWatson Machine Learning on Cloud Pak for Data
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-4203
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.9||HIGH
EPSS-0.46% / 63.92%
||
7 Day CHG~0.00%
Published-15 Apr, 2019 | 14:55
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-59503
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.20% / 41.28%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 21:18
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Compute Resource Provider Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_compute_resource_providerAzure Compute Resource Provider
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-28288
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-9.09% / 92.69%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-28 Feb, 2025 | 21:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-31897
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.08%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 02:01
Updated-02 Aug, 2024 | 01:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cloud Pak for Business Automation server-side request forgery

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_business_automationCloud Pak for Business Automation
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-4741
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 54.87%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 16:10
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowscontent_navigatorlinux_kernelContent Navigator
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-39051
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.12% / 29.96%
||
7 Day CHG~0.00%
Published-14 Mar, 2022 | 16:45
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_copy_data_managementSpectrum Copy Data Management
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2016-5968
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.31%
||
7 Day CHG~0.00%
Published-25 Nov, 2016 | 03:38
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tealeaf_customer_experiencen/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2016-6001
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-3.1||LOW
EPSS-0.14% / 33.34%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.

Action-Not Available
Vendor-IBM Corporation
Product-forms_experience_builderForms Experience Builder
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-39057
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.12% / 30.51%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 18:35
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelspectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-24954
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.28% / 84.77%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 17:03
Updated-10 Jul, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2sharepoint_serverwindows_10_22h2windows_server_2022sharepoint_enterprise_serverwindows_10_20h2windows_11_22h2windows_10_1607Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-21761
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-13.07% / 94.13%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Information Disclosure Vulnerability

Microsoft Exchange Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 11Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 12
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-53767
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.47% / 64.45%
||
7 Day CHG+0.27%
Published-07 Aug, 2025 | 21:01
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure OpenAI Elevation of Privilege Vulnerability

Azure OpenAI Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_openaiAzure Open AI
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-53760
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.64% / 70.73%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-13 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-52453
Matching Score-6
Assigner-Salesforce, Inc.
ShareView Details
Matching Score-6
Assigner-Salesforce, Inc.
CVSS Score-8.2||HIGH
EPSS-0.05% / 14.86%
||
7 Day CHG~0.00%
Published-25 Jul, 2025 | 19:05
Updated-31 Oct, 2025 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

Action-Not Available
Vendor-tableauSalesforceLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowstableau_serverTableau Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-34473
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.1||CRITICAL
EPSS-94.19% / 99.92%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-29 Oct, 2025 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 9Microsoft Exchange Server 2019 Cumulative Update 8Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 19Microsoft Exchange Server 2016 Cumulative Update 20Exchange Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-38206
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-2.40% / 85.14%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 21:38
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Copilot Studio Information Disclosure Vulnerability

An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-copilot_studioMicrosoft Copilot Studio
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-34425
Matching Score-6
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-6
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.25% / 48.13%
||
7 Day CHG~0.00%
Published-14 Dec, 2021 | 19:25
Updated-17 Sep, 2024 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server Side Request Forgery in Zoom Client for Meetings chat

The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat\'s "link preview" feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly.

Action-Not Available
Vendor-Google LLCApple Inc.Microsoft CorporationZoom Communications, Inc.Linux Kernel Organization, Inc
Product-iphone_oslinux_kernelandroidmeetingswindowsmacosZoom Client for Meetings for WindowsZoom Client for Meetings for macOSZoom Client for Meetings for LinuxZoom Client for Meetings for iOSZoom Client for Meetings for Android
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-38183
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.97% / 88.43%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 18:15
Updated-31 Dec, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GroupMe Elevation of Privilege Vulnerability

An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-groupmeGroupMe
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-43880
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 3.06%
||
7 Day CHG~0.00%
Published-03 Mar, 2024 | 15:34
Updated-24 Apr, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar WinCollect Agent

IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service. IBM X-Force ID: 240151.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_wincollectQRadar WinCollect Agent
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-42343
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-0.80% / 74.11%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 10:00
Updated-23 Apr, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read

Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowscampaignlinux_kernelAdobe Campaign Classic (ACC)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-41552
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 61.18%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 02:10
Updated-01 May, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer

Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.

Action-Not Available
Vendor-Linux Kernel Organization, IncHitachi, Ltd.Microsoft Corporation
Product-linux_kernelops_center_viewpointops_center_analyzerwindowsinfrastructure_analytics_advisorHitachi Ops Center AnalyzerHitachi Infrastructure Analytics Advisor
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-31950
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.6||HIGH
EPSS-1.68% / 82.27%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-30678
Matching Score-6
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-6
Assigner-Trend Micro, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.46%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 19:56
Updated-08 Sep, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_centralwindowsTrend Micro Apex Central
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found