647 matches found
CVE-2020-29445
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...
CVE-2021-20480
IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502...
CVE-2021-26072
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability...
CVE-2021-21975
Server Side Request Forgery in the vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a Server Side Request Forgery attack and steal administrative credentials...
Insufficient validation of incoming requests in Microsoft Exchange Server allows attackers to perform SSRF attacks.
The vulnerability in Microsoft Exchange Server lies in insufficient checking of incoming requests. Exploiting it lets a malicious actor perform an SSRF attack using specially crafted HTTPS requests that carry malicious cookies named X-AnonResource-Backend and...
DEBIAN-CVE-2020-11988
Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users...
CVE-2021-27103
Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later...
jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks
A flaw was found in the Mercurial plugin for Jenkins. The XML changelog parser is not configured to prevent XML external entity (XXE) attacks, allowing an attacker who can control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of...
keycloak: Default Client configuration is vulnerable to SSRF using "request_uri" parameter
A flaw was found in Keycloak, where it is possible to force the server to call out to an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack...
PYSEC-2020-247
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature only available to the Manager role...
CVE-2019-14476
AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Any user can trick the server into performing SMB requests to other systems...
DEBIAN-CVE-2020-26258
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Request Forgery (SSRF) vulnerability can be triggered when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...
Adrem Netcrunch Code Issue Vulnerability
AdRem NetCrunch is network and device monitoring software from the American company AdRem. It monitors Windows, Linux, Mac OS X, BSD, NetWare and SNMP devices using SNMP, Windows event logs and Syslog. A code issue vulnerability exists in AdRem NetCrunch version 10.6.0.4587,...
CVE-2020-28977
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/get.php?subdomain=SSRF...
CVE-2020-14023
Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS...
Vulnerabilities fixed in SAP Netweaver
SAP has fixed several vulnerabilities in SAP NetWeaver. These vulnerabilities allow malicious actors to remotely launch a Cross Site Scripting attack or a Server Side Request Forgery attack. SAP has released updates to fix these vulnerabilities. For more information see:...
CVE-2019-20408
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class...
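The Jira entry above fails in its JiraWhitelist logic, and the Keycloak entry earlier on this page fetches whatever request_uri names; in both cases the server has to decide, before it fetches, where a user-influenced URL really points. The block below is an added example of such a destination guard in Python. It is not code from Jira, Keycloak or any other product listed here; the hostnames, the FAKE_DNS answers and the function names are constructed for illustration.

```python
"""Destination guard for server-side fetches of user-influenced URLs.

Added example for this listing; not code from Jira, Keycloak or any other
product named on the page. Hostnames and DNS answers are constructed so the
module runs offline.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def weak_allowlist_check(url: str, allowed_prefix: str) -> bool:
    """The classic broken allowlist: a string-prefix test on the raw URL.
    Kept only to show the bypass: with prefix 'https://wiki.example.test' it
    also accepts 'https://wiki.example.test.attacker.test/'."""
    return url.startswith(allowed_prefix)


def _literal_ip(host: str):
    """ip_address for a literal host, including legacy forms such as
    '2130706433' or '0177.0.0.1' that inet_aton still accepts; else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        return ipaddress.IPv4Address(socket.inet_aton(host))
    except OSError:
        return None


def _is_internal(ip) -> bool:
    """Loopback, RFC 1918 / ULA, link-local (covers the 169.254.169.254
    cloud metadata endpoint), multicast, reserved and unspecified space."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is loopback as well
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def dns_resolve(host: str):
    """Default resolver: every A/AAAA answer, so a name that maps to one
    public and one internal address is still rejected."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def check_url(url: str, allowed_hosts=None, resolver=dns_resolve):
    """Return (ok, reason).

    allowed_hosts: exact, case-insensitive match on the parsed hostname (the
    pre-registered request_uri / gadget-whitelist case). None means any host
    is acceptable as long as it resolves only to public address space.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"          # e.g. https://trusted@10.0.0.1/
    host = parts.hostname                        # lower-cased, brackets stripped
    if not host:
        return False, "no host"
    if allowed_hosts is not None and host not in {h.lower() for h in allowed_hosts}:
        return False, f"host {host!r} not in allowlist"
    literal = _literal_ip(host)
    if literal is not None:
        candidates = [literal]
    else:
        candidates = [ipaddress.ip_address(a) for a in resolver(host)]
    if not candidates:
        return False, f"{host!r} does not resolve"
    for ip in candidates:
        if _is_internal(ip):
            return False, f"{host!r} resolves to internal address {ip}"
    return True, "ok"


# Constructed DNS answers; 93.184.216.34 stands in for a public address.
FAKE_DNS = {
    "wiki.example.test": ["93.184.216.34"],
    "rebind.example.test": ["93.184.216.34", "10.0.0.5"],
    "metadata.example.test": ["169.254.169.254"],
}


def fake_resolve(host: str):
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    cases = [
        ("https://wiki.example.test/page", ["wiki.example.test"]),
        ("https://wiki.example.test.attacker.test/", ["wiki.example.test"]),
        ("https://user@wiki.example.test/", None),
        ("http://169.254.169.254/latest/meta-data/", None),
        ("http://2130706433/", None),             # decimal form of 127.0.0.1
        ("http://[::ffff:127.0.0.1]/", None),
        ("https://rebind.example.test/", None),
        ("gopher://wiki.example.test/", None),
    ]
    for url, allow in cases:
        print(f"{url:45s} -> {check_url(url, allow, fake_resolve)}")
    print("prefix check bypass:",
          weak_allowlist_check("https://wiki.example.test.attacker.test/",
                               "https://wiki.example.test"))
```

Checking every DNS answer closes the single-lookup gap, but the guard is only half of the fix: the HTTP client must connect to the vetted IP (sending the original Host header and SNI) rather than resolving the name again, and check_url has to be re-run on every redirect target, otherwise DNS rebinding or a 302 to http://127.0.0.1/ reopens the hole.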
CVE-2020-6275
SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable to Server Side Request Forgery, wherein an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce...
CloudBees Jenkins Code Coverage API Plugin XXE Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing jobs and scheduled task execution. CloudBees Jenkins Code Covera...
Nextcloud server server-side request forgery vulnerability (CNVD-2020-21013)
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from the German company Nextcloud. A server-side request forgery vulnerability exists in Nextcloud server versions prior to 17.0.1, 16.0.7 and 15.0.14, and no detailed...