Lucene search

9247 matches found

NVD
added 2020/06/11 2:15 p.m. · 16 views

CVE-2020-4101

"HCL Digital Experience is susceptible to Server Side Request Forgery."...

CVSS 9.8 · EPSS 0.01089
Exploits 0 · References 1
Prion
added 2020/06/11 2:15 p.m. · 19 views

Server side request forgery (ssrf)

"HCL Digital Experience is susceptible to Server Side Request Forgery."...

CVSS 7.5 · AI score 9.3 · EPSS 0.01089
Exploits 0 · References 1 · Affected Software 1
NVD
added 2020/06/10 1:15 p.m. · 14 views

CVE-2020-6275

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce...

CVSS 9.8 · EPSS 0.01439
Exploits 0 · References 2
Cvelist
added 2020/06/10 12:39 p.m. · 19 views

CVE-2020-6275

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce...

CVSS 7.6 · AI score 9.5 · EPSS 0.01439
Exploits 0 · References 2
CVE
added 2020/06/10 12:39 p.m. · 57 views

CVE-2020-6275

Concrete details available: SAP NetWeaver AS ABAP (versions 700–754) is vulnerable to Server-Side Request Forgery via improper path names in import/export of sessions, allowing the web server to authenticate to a malicious server; NTLM exposure can compromise confidentiality, integrity, and avail...

CVSS 9.8 · AI score 9.3 · EPSS 0.01439
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2020/06/10 12:0 a.m. · 5 views

PT-2020-19068 · Sap · Sap Netweaver As Abap

Name of the Vulnerable Software and Affected Versions: SAP Netweaver AS ABAP versions 700 through 754 Description: The issue allows an attacker to perform a Server Side Request Forgery Attack by using inappropriate path names containing malicious server names in the import/export of sessions...

CVSS 9.8 · AI score 7.5 · EPSS 0.01439
Exploits 0 · References 3
Veracode
added 2020/06/08 4:6 a.m. · 40 views

Server Side Request Forgery (SSRF)

github.com/kubernetes/kubernetes is vulnerable to Server Side Request Forgery SSRF. An attacker with a privilege to create a pod with certain built-in Volume types GlusterFS, Quobyte, StorageFS, ScaleIO or to create a StorageClass can cause an authenticated user to leak the resources from the...

CVSS 6.3 · AI score 2 · EPSS 0.03679
Exploits 0 · References 7 · Affected Software 4
OSV
added 2020/06/05 5:15 p.m. · 27 views

CVE-2020-8555

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

CVSS 6.3 · AI score 6.4
Exploits 0 · References 6
NVD
added 2020/06/05 5:15 p.m. · 21 views

CVE-2020-8555

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

CVSS 6.3 · AI score 5.2 · EPSS 0.03679
Exploits 0 · References 6
UbuntuCve
added 2020/06/05 5:15 p.m. · 34 views

CVE-2020-8555

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

CVSS 6.3 · AI score 6.8 · EPSS 0.03679
Exploits 0 · References 3
Hacker One
added 2020/06/05 2:19 p.m. · 17 views

Lark Technologies: Stored XSS & SSRF in Lark Docs

A stored XSS cross site scripting vulnerability was discovered in Lark Docs that could be escalated into a Server Side Request Forgery SSRF vulnerability if opened in a headless browser on the Lark server. The vulnerability has been resolved. We thank @mike12 for reporting this to our team and...

AI score 0.5
Exploits 0
Debian CVE
added 2020/06/04 9:50 p.m. · 30 views

CVE-2020-8555

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

CVSS 6.3 · AI score 5.5 · EPSS 0.03679
Exploits 0
AlpineLinux
added 2020/06/04 9:50 p.m. · 39 views

CVE-2020-8555

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

CVSS 6.3 · AI score 5.5 · EPSS 0.03679
Exploits 0
Hacker One
added 2020/06/04 8:42 p.m. · 131 views

Node.js third-party modules: [Uppy] Internal Server side request forgery (bypass of #786956)

I would like to report Internal Server-side request forgery in Uppy It allows the attacker to easily extract information from internal servers Module module name: Uppy version:1.15.0 npm page: https://www.npmjs.com/package/uppy Module Description Uppy is a sleek, modular JavaScript file uploader...

CVSS 5 · EPSS 0.0119
Exploits 1
Veracode
added 2020/06/04 4:20 a.m. · 27 views

Server-Side Request Forgery (SSRF)

github.com/grafana/grafana is vulnerable to server-side request forgery. An unauthenticated remote attacker is able to submit requests on behalf of the server and obtain the response via the avatar URL. This allows the attacker to access and obtain information within the internal network or perfo...

CVSS 8.2 · AI score 4.2 · EPSS 0.99856
Exploits 5 · References 42 · Affected Software 6
Positive Technologies
added 2020/06/03 12:0 a.m. · 5 views

PT-2020-5961 · Grafana +4 · Grafana +4

Name of the Vulnerable Software and Affected Versions: Grafana versions 3.0.1 through 7.0.1 Description: The avatar feature in Grafana has an SSRF Incorrect Access Control issue, allowing any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the...

CVSS 9.8 · AI score 7.2 · EPSS 0.99856
Exploits 40 · References 294
Tenable Nessus
added 2020/05/28 12:0 a.m. · 73 views

Oracle WebLogic UDDI Explorer Server-Side Request Forgery

The Oracle WebLogic UDDI Explorer service in Oracle Fusion Middleware versions 10.0.2 and 10.3.6 is affected by a server-side request forgery vulnerability due to the lack of validation of the operator parameter in the SearchPublicRegistries.jsp page. A remote and unauthenticated attacker can...

CVSS 5 · AI score 6.6 · EPSS 0.38152
Exploits 8 · References 4
IBM Security Bulletins
added 2020/05/19 4:34 p.m. · 22 views

Security Bulletin: Security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2020-4365)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in...

CVSS 5.3 · AI score 2.3 · EPSS 0.01398
Exploits 0 · Affected Software 1
Tenable Nessus
added 2020/05/18 12:0 a.m. · 22 views

Debian DLA-2211-1 : log4net security update

It was discovered that there was an XML external entity vulnerability in log4net, a logging API for the ECMA Common Language Infrastructure CLI, sometimes referred to as 'Mono'. This type of attack occurs when XML input containing a reference to an internet-faced entity is processed by a weakly...

AI score 5.4
Exploits 0 · References 2
IBM Security Bulletins
added 2020/05/14 7:3 p.m. · 24 views

Security Bulletin: WebSphere Application Server shipped with IBM WebSphere Application Server Patterns is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed i...

CVSS 5.3 · AI score 2.5 · EPSS 0.01398
Exploits 0 · Affected Software 1