Total
1279 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8118 | 3 Nextcloud, Novell, Opensuse | 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle | 2024-08-04 | 5.0 Medium |
| An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. | ||||
| CVE-2020-7796 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-08-04 | 9.8 Critical |
| Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | ||||
| CVE-2020-7126 | 1 Arubanetworks | 1 Airwave Glass | 2024-08-04 | 5.8 Medium |
| A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | ||||
| CVE-2020-6282 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-04 | 5.8 Medium |
| SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. | ||||
| CVE-2020-6275 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-04 | 9.8 Critical |
| SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database. | ||||
| CVE-2020-6308 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-04 | 5.3 Medium |
| SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability. | ||||
| CVE-2020-5784 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-08-04 | 6.5 Medium |
| Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary URLs. | ||||
| CVE-2020-5775 | 1 Instructure | 1 Canvas Learning Management Service | 2024-08-04 | 5.8 Medium |
| Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. | ||||
| CVE-2020-5562 | 1 Cybozu | 1 Garoon | 2024-08-04 | 4.9 Medium |
| Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function. | ||||
| CVE-2020-4101 | 1 Hcltech | 1 Hcl Digital Experience | 2024-08-04 | 9.8 Critical |
| "HCL Digital Experience is susceptible to Server Side Request Forgery." | ||||
| CVE-2020-3769 | 1 Adobe | 1 Experience Manager | 2024-08-04 | 7.5 High |
| Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2020-1925 | 2 Apache, Redhat | 2 Olingo, Jboss Fuse | 2024-08-04 | 7.5 High |
| Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker. | ||||
| CVE-2021-44659 | 1 Thoughtworks | 1 Gocd | 2024-08-04 | 9.8 Critical |
| Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows an admin to configure outbound requests | ||||
| CVE-2021-46107 | 1 Ligeo-archives | 1 Ligeo Basics | 2024-08-04 | 7.5 High |
| Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features. | ||||
| CVE-2021-45968 | 2 Jivesoftware, Pascom | 2 Jive, Cloud Phone System | 2024-08-04 | 7.5 High |
| An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394. | ||||
| CVE-2021-45851 | 1 Frangoteam | 1 Fuxa | 2024-08-04 | 7.5 High |
| A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server. | ||||
| CVE-2021-45394 | 1 Html2pdf Project | 1 Html2pdf | 2024-08-04 | 8.8 High |
| An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious <link> tag in the converted HTML document. | ||||
| CVE-2021-45325 | 1 Gitea | 1 Gitea | 2024-08-04 | 7.5 High |
| Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL. | ||||
| CVE-2021-44224 | 7 Apache, Apple, Debian and 4 more | 15 Http Server, Mac Os X, Macos and 12 more | 2024-08-04 | 8.2 High |
| A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). | ||||
| CVE-2021-44139 | 1 Hashicorp | 1 Sentinel | 2024-08-04 | 7.5 High |
| Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). | ||||