PT-2022-8022 · Unknown · Ariadne Component Library
Name of the Vulnerable Software and Affected Versions: Ariadne Component Library versions up to 2.x Description: A critical issue has been found, affecting an unknown function of the file src/url/Url.php. This issue leads to server-side request forgery. Recommendations: For Ariadne Component...
PT-2022-24280 · Esri · Portal For Arcgis
CVE-2022-38212 Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to...
MeterSphere Code Issue Vulnerability
MeterSphere is an open source one-stop continuous testing platform. A code issue vulnerability exists in MeterSphere versions before 2.5.0; the vulnerability stems from the existence of server-side request forgery, resulting in reflected cross-site scripting...
CVE-2022-4725
A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to...
AWS SDK for Android Code Issue Vulnerability
AWS SDK for Android is an open source AWS SDK for Android from AWS Amplify. A code issue vulnerability exists in AWS SDK for Android prior to version 2.59.01, which stems from a function in the aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java file in the component XML Parser...
CVE-2022-37313
OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record...
PT-2022-23921 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier Description: The issue arises from the anti-SSRF protection mechanism in OX App Suite, which only checks the first DNS AA or AAAA record, allowing Server-Side Request Forgery (SSRF) attacks...
The CSV import function in JSM Insight’s data processing center for Atlassian Jira Server and Data Center is vulnerable, allowing attackers to perform SSRF attacks.
The vulnerability of the CSV import function in JSM Insight, a data processing tool for Atlassian Jira Server and Data Center, is related to insufficient validation of requests at the server side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack remotely...
PT-2022-28039 · Amazon · Aws Sdk
Name of the Vulnerable Software and Affected Versions: AWS SDK version 2.59.0 Description: A critical issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request...
CVE-2022-47635
Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php...
WMS Code Issue Vulnerability
WMS is a warehouse management software. A security vulnerability exists in Wildix WMS 6 versions prior to 6.02.20221216, WMS 5 versions prior to 5.04.20221214, and WMS4 versions prior to 4.04.45396.23. An attacker could exploit this vulnerability to conduct server-side request forgery (SSRF) attack...
CVE-2022-47514
An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request...
XML-RPC.NET Code Issue Vulnerability
XML-RPC.NET is an open source library from PaperCut Software for implementing XML-RPC services and clients in . A security vulnerability exists in versions of XML-RPC.NET prior to 2.5.0 that originates from allowing an authenticated remote user to conduct a server-side request forgery (SSRF) attack...
CVE-2022-42343
Adobe Campaign version 7.3.1 and earlier and 8.3.9 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URL...
GHSA-X3X3-QWJQ-8GJ4 Apache CXF Server-Side Request Forgery vulnerability
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...
PT-2022-6004 · Adobe · Campaign
Name of the Vulnerable Software and Affected Versions: Adobe Campaign versions 7.3.1 and earlier; Adobe Campaign versions 8.3.9 and earlier Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege...
CVE-2022-46827
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible...
PT-2022-27984 · Jetbrains · Intellij Idea
Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to 2022.3 Description: The issue allows for an XXE attack, which can lead to a Server-Side Request Forgery (SSRF) via requests to custom plugin repositories. This occurs due to a flaw in handling requests ...
Kwoksys Kwok Information Server Code Issue Vulnerability
Kwoksys Kwok Information Server is an open source IT management system from Kwoksys. A security vulnerability exists in Kwoksys Kwok Information Server versions prior to v2.9.5.SP31. An attacker could exploit this vulnerability to perform server-side request forgery (SSRF) attacks...
CVE-2022-35508
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox...