CVE-2023-44384 Discourse-Jira could make SSRF attack by setting Jira URL to an arbitrary location
Discourse-jira is a Discourse plugin that allows Jira projects, issue types, fields and field options to be synced automatically. An administrator user can perform an SSRF attack by setting the Jira URL to an arbitrary location and enabling the discoursejiraverboselog site setting. A moderator user cou...
Security Bulletin: The IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit are vulnerable to a server-side request forgery due to Apache Batik (CVE-2022-44730, CVE-2022-44729)
Summary The IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit are vulnerable to a server-side request forgery due to Apache Batik (CVE-2022-44730, CVE-2022-44729). Vulnerability Details CVEID: CVE-2022-44730 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery,...
Security Bulletin: Vulnerabilities in batik-all library affect IBM Engineering Test Management (ETM) (CVE-2022-44730, CVE-2022-44729)
Summary This security vulnerability has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID: CVE-2022-44730 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By...
Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM WebSphere Application Server Liberty
Summary IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM WebSphere Application Server Liberty, as the vulnerable features are not enabled (see References below). IBM Cognos Analytics has upgraded to a non-affected version of IBM WebSphere Application Serve...
Security Bulletin: Multiple vulnerabilities in Apache Batik affect IBM Application Performance Management products
Summary Apache Batik is used by IBM Application Performance Management. Vulnerability Details CVEID: CVE-2022-40146 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker...
CVE-2023-37440
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the...
CVE-2023-37440 Authenticated Server-Side Request Forgery (SSRF) Leading to Information Disclosure
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the...
CVE-2023-37440
CVE-2023-37440 affects Aruba Networks EdgeConnect SD-WAN Orchestrator (web-based management interface). The vulnerability is a Server-Side Request Forgery (SSRF) that could allow an unauthenticated remote attacker to enumerate internal host information and potentially disclose sensitive data. The...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js Request package (CVE-2023-28155)
Summary A vulnerability in Node.js Request package through 2.88.1 affects the Node.js component that is used by IBM Event Streams (CVE-2023-28155). This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side...
Security Bulletin: Decision Optimization for Cloud Pak for Data is vulnerable to a server-side request forgery (CVE-2023-28155).
Summary The Node.js Request module vulnerability used by Decision Optimization for Cloud Pak for Data has been addressed. Vulnerability Details CVEID: CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side request forgery, caused by a cross-protocol redirect bypass flaw. B...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js Request module denial of service vulnerability [CVE-2023-28155]
Summary A potential Node.js Request module denial of service vulnerability has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. CVE-2023-28155 Vulnerability Details...
Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to Apache CXF
Summary A vulnerability in Apache CXF that allows server-side request forgery, caused by a parsing flaw, may affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of...
CVE-2023-34959
An issue in Chamilo v1.11. up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools...
CVE-2023-33184
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed sending GET requests to services running on the same web server. It is recommended that the Mail app be updated to version 3.02, 2.2.5 or 1.15.3...
Cisco Identity Services Engine XML External Entity Injection Vulnerability
Cisco Identity Services Engine (ISE) is an environment-aware platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. An XML external entity injection vulnerability...
CVE-2023-20174
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker...
PT-2023-2779 · Cisco · Cisco Identity Services Engine
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (ISE), affected versions not specified. Description: The issue is related to multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE). These vulnerabilities could allow an...
Security Bulletin: IBM ECM Content Management Interoperability Services (CMIS) cfx-core security vulnerabilities CVE-2022-46363, CVE-2022-46364
Summary IBM ECM Content Management Interoperability Services (CMIS) cfx-core security vulnerabilities CVE-2022-46363, CVE-2022-46364: affected, not vulnerable. Vulnerability Details CVEID: CVE-2022-46363 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by ...
Security Bulletin: Vulnerabilities in batik-all library affect IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)
Summary This security vulnerability has been addressed in IBM Engineering Test Management in newer releases. Vulnerability Details CVEID: CVE-2022-38648 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a...
Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to remote code execution due to Apache CXF (CVE-2022-46364)
Summary Apache CXF is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web service infrastructure. Information about security vulnerabilities affecting Apache CXF has been published in a security bulletin. Vulnerability Details CVEID: CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerab...