Total
2086 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8464 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.
|
|||||
| CVE-2020-8226 | 1 Phpbb | 1 Phpbb | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
|
A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF.
|
|||||
| CVE-2020-8205 | 1 Transloadit | 1 Uppy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems.
|
|||||
| CVE-2020-8138 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL.
|
|||||
| CVE-2020-8135 | 1 Uppy | 1 Uppy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems.
|
|||||
| CVE-2020-8134 | 1 Ghost | 1 Ghost | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.
|
|||||
| CVE-2020-8128 | 1 Jsreport | 1 Jsreport | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code.
|
|||||
| CVE-2020-8118 | 3 Nextcloud, Novell, Opensuse | 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle | 2024-11-21 | 4.0 MEDIUM | 5.0 MEDIUM |
|
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
|
|||||
| CVE-2020-7740 | 1 Node-pdf-generator Project | 1 Node-pdf-generator | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
|
This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack.
|
|||||
| CVE-2020-7739 | 1 Phantomjs-seo Project | 1 Phantomjs-seo | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
|
This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack.
|
|||||
| CVE-2020-7329 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator.
|
|||||
| CVE-2020-7328 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator.
|
|||||
| CVE-2020-7126 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
|
A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
|
|||||
| CVE-2020-6308 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable serv ...
Show More |
|||||
| CVE-2020-6282 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
|
SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability.
|
|||||
| CVE-2020-6275 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
|
SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database.
|
|||||
| CVE-2020-5784 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary URLs.
|
|||||
| CVE-2020-5775 | 1 Instructure | 1 Canvas Learning Management Service | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
|
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.
|
|||||
| CVE-2020-5562 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.
|
|||||
| CVE-2020-5014 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247.
|
|||||
| CVE-2020-4974 | 1 Ibm | 9 Engineering Lifecycle Optimization - Engineering Insights, Engineering Requirements Quality Assistant On-premises, Engineering Test Management and 6 more | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
|
|||||
| CVE-2020-4882 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852.
|
|||||
| CVE-2020-4787 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 2.1 LOW | 2.3 LOW |
|
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.
|
|||||
| CVE-2020-4786 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221.
|
|||||
| CVE-2020-4632 | 1 Ibm | 1 Infosphere Metadata Asset Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416.
|
|||||
| CVE-2020-4529 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 6.5 MEDIUM | 7.4 HIGH |
|
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713.
|
|||||
| CVE-2020-4365 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.
|
|||||
| CVE-2020-4294 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 176404.
|
|||||
| CVE-2020-4101 | 1 Hcltech | 1 Hcl Digital Experience | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
"HCL Digital Experience is susceptible to Server Side Request Forgery."
|
|||||
| CVE-2020-3938 | 1 Sysjust | 1 Syuan-gu-da-shin | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests.
|
|||||
| CVE-2020-3769 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2020-36232 | 1 Atlassian | 4 Atlassian-gadgets, Data Center, Jira Data Center and 1 more | 2024-11-21 | 4.0 MEDIUM | 5.0 MEDIUM |
|
The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it incorrectly obtained application base url information from the executing http request which could be attacker controlled.
|
|||||
| CVE-2020-36200 | 1 Kaspersky | 1 Tinycheck | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs.
|
|||||
| CVE-2020-35970 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection management that allows arbitrary file read.
|
|||||
| CVE-2020-35850 | 1 Cockpit-project | 1 Cockpit | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think [it] is a big real-life issue.
|
|||||
| CVE-2020-35712 | 3 Esri, Linux, Microsoft | 3 Arcgis Server, Linux Kernel, Windows | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
|
Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.
|
|||||
| CVE-2020-35667 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.
|
|||||
| CVE-2020-35561 | 2 Helmholz, Mbconnectline | 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.
|
|||||
| CVE-2020-35558 | 2 Helmholz, Mbconnectline | 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.
|
|||||
| CVE-2020-35313 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.
|
|||||