CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | Acronis Cyber Backup 12.5 Build 16341 Server-Side Request Forgery | 17.09.2020 | Julien Ahrens |
| Low | OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation | 16.06.2020 | Martin Heiland |
| High | Fortify SSC 17.10 / 17.20 / 18.10 XXE Injection | 14.07.2018 | Alt3kx |
| Low | SPIP 3.1.2 Server Side Request Forgery | 20.10.2016 | Nicolas CHATELAIN |
| Low | Google Docs XSPA / SSRF | 10.09.2016 | Ashiyane Digital Secur... |
| Low | Infoware MapSuite Server-Side Request Forgery | 04.06.2014 | Christian |


CVEMAP Search Results

| Date | Risk | CVE | Vendor | Software | Description |
|------|------|-----|--------|----------|-------------|
| 2020-09-22 | Low | CVE-2020-14023 | Ozeki | Ozeki ng sms... | Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS. |
| 2020-09-14 | Medium | CVE-2020-13309 | Gitlab | Gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature. |
| 2020-09-04 | Low | CVE-2020-4632 | IBM | Infosphere m... | IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416. |
| 2020-08-29 | Low | CVE-2020-24898 | Stiltsoft | Table filter... | The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter). |
| 2020-08-28 | Medium | CVE-2020-9298 | Spinnaker | ORCA | The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker, potentially leading to sensitive data disclosure. |
| 2020-08-26 | Medium | CVE-2020-24548 | Ericom | Access server | Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports. |
| 2020-08-25 | Low | CVE-2020-17386 | Cellopoint | Cellos | Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of an authenticated user, attackers can tamper with the URL parameter and access arbitrary files on the system. |
| 2020-08-21 | Medium | CVE-2020-5775 | Instructure | Canvas learn... | Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. |
| 2020-08-17 | Medium | CVE-2020-15152 | Ftp-srv project | Ftp-srv | ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a connection elsewhere. A possible workaround is blocking the PORT through the configuration. This issue is fixed in version 4.3.4. More information can be found on the linked advisory. |
|  | Medium | CVE-2020-8226 | Phpbb | Phpbb | A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed the remote image dimensions check to be used for SSRF. |


Copyright 2020, cxsecurity.com