Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2020-16171
HistorySep 21, 2020 - 1:07 p.m.

CVE-2020-16171

2020-09-2113:07:07
mitre
www.cve.org
4
acronis cyber backup
ssrf attacks
cve-2020-16171
api endpoints
custom shard header

EPSS

0.056

Percentile

93.3%

JSON

An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572.

Related

packetstorm 1
exploitdb 1
cve 1
cnvd 1
prion 1
nvd 1
packetstorm
packetstorm
Acronis Cyber Backup 12.5 Build 16341 Server-Side Request Forgery
2020-09-16 00:00:00
exploitdb
exploitdb
Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF
2020-11-27 00:00:00
cve
cve
CVE-2020-16171
2020-09-21 14:15:13
cnvd
cnvd
Acronis Cyber Backup code issue vulnerability
2020-09-21 00:00:00
prion
prion
Server side request forgery (ssrf)
2020-09-21 14:15:00
nvd
nvd
CVE-2020-16171
2020-09-21 14:15:13

EPSS

0.056

Percentile

93.3%

JSON
Related for CVELIST:CVE-2020-16171
packetstorm1exploitdb1cve1cnvd1prion1nvd1